Permissions on Shared Files

Archived from groups: microsoft.public.win2000.security (More info?)

I was hoping someone could help me with an small issue
I'm having with assigning permissions to users.

This is my situation...

I have a shared folder on the network with a number of
subdirecotires (lets say one for each country) and I have
created groups of users for each of those country
folders. The problem I'm having is that I only want the
users to be able to view the folder for the country that
they're allowed to access (ie not to see all the other
subdirectories in the share, I've tried a number of
different permission settings including denying list
folder contents, but I keep getting access denied at the
top level shared folder.

Please can someone help me out, I'm going around in
circles, and I'm convinced I'm just missing something
simple.

Many Thanks in Advance for any help.

Reagrds

Michelle T
5 answers Last reply
More about permissions shared files
  1. Archived from groups: microsoft.public.win2000.security (More info?)

    Yes that is possible (just tested it on our network here).

    To do it, give all of the groups access to the root folder (NTFS and Share
    permissions), then on each of the subfolders, go into the security (NTFS)
    permissions on each folder, and de-select the 'Allow inheritable permissions
    from parent to propagate to this object', so you can change the permissions.
    Remove all of the groups except those you want to have access. Repeat with
    each sub-folder.

    You'll then find that each user can access the main share, and will see all
    the sub-folders, but will get an access denied on all folders except the one
    they've been given permissions to.

    Keith


    "Michelle T" <anonymous@discussions.microsoft.com> wrote in message
    news:2d62e01c46b1d$63137660$a601280a@phx.gbl...
    > I was hoping someone could help me with an small issue
    > I'm having with assigning permissions to users.
    >
    > This is my situation...
    >
    > I have a shared folder on the network with a number of
    > subdirecotires (lets say one for each country) and I have
    > created groups of users for each of those country
    > folders. The problem I'm having is that I only want the
    > users to be able to view the folder for the country that
    > they're allowed to access (ie not to see all the other
    > subdirectories in the share, I've tried a number of
    > different permission settings including denying list
    > folder contents, but I keep getting access denied at the
    > top level shared folder.
    >
    > Please can someone help me out, I'm going around in
    > circles, and I'm convinced I'm just missing something
    > simple.
    >
    > Many Thanks in Advance for any help.
    >
    > Reagrds
    >
    > Michelle T
  2. Archived from groups: microsoft.public.win2000.security (More info?)

    Keith Langmead wrote:

    > Yes that is possible (just tested it on our network here).
    >
    > To do it, give all of the groups access to the root folder (NTFS and Share
    > permissions), then on each of the subfolders, go into the security (NTFS)
    > permissions on each folder, and de-select the 'Allow inheritable permissions
    > from parent to propagate to this object', so you can change the permissions.
    > Remove all of the groups except those you want to have access. Repeat with
    > each sub-folder.
    >
    > You'll then find that each user can access the main share, and will see all
    > the sub-folders, but will get an access denied on all folders except the one
    > they've been given permissions to.
    Hi

    Well, then Michelle is just as far, because the main goal was to *not*
    see the sub-folders that the user did not have permissions to open.


    --
    torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway
    Administration scripting examples and an ONLINE version of
    the 1328 page Scripting Guide:
    http://www.microsoft.com/technet/community/scriptcenter/default.mspx
  3. Archived from groups: microsoft.public.win2000.security (More info?)

    On Fri, 16 Jul 2004 03:12:23 -0700, "Michelle T"
    <anonymous@discussions.microsoft.com> wrote in
    microsoft.public.win2000.security:

    >I was hoping someone could help me with an small issue
    >I'm having with assigning permissions to users.
    >
    >This is my situation...
    >
    >I have a shared folder on the network with a number of
    >subdirecotires (lets say one for each country) and I have
    >created groups of users for each of those country
    >folders. The problem I'm having is that I only want the
    >users to be able to view the folder for the country that
    >they're allowed to access (ie not to see all the other
    >subdirectories in the share, I've tried a number of
    >different permission settings including denying list
    >folder contents, but I keep getting access denied at the
    >top level shared folder.
    >
    >Please can someone help me out, I'm going around in
    >circles, and I'm convinced I'm just missing something
    >simple.

    Can't be done this way with Microsoft Networking - Novell Netware can.

    The only workaround I know is to directly map the relevant directory for
    the users in question:

    To share:
    Net Share Australia=D:\Data\Countries\Australia

    To use:
    Net Use G: \\Server\Australia

    The latter obviously requires wrapping in some sort of group membership
    test, like ifmember.exe (Resource Kit) or InGroup (KiXtart).

    Good luck.

    --
    Michael Bednarek http://mbednarek.com/ "POST NO BILLS"
  4. Archived from groups: microsoft.public.win2000.security (More info?)

    Michael,

    Thank you so much for getting back to me. I was afraid
    that might be the case.

    Many Thanks Again

    Michelle


    >-----Original Message-----
    >On Fri, 16 Jul 2004 03:12:23 -0700, "Michelle T"
    ><anonymous@discussions.microsoft.com> wrote in
    >microsoft.public.win2000.security:
    >
    >>I was hoping someone could help me with an small issue
    >>I'm having with assigning permissions to users.
    >>
    >>This is my situation...
    >>
    >>I have a shared folder on the network with a number of
    >>subdirecotires (lets say one for each country) and I
    have
    >>created groups of users for each of those country
    >>folders. The problem I'm having is that I only want the
    >>users to be able to view the folder for the country
    that
    >>they're allowed to access (ie not to see all the other
    >>subdirectories in the share, I've tried a number of
    >>different permission settings including denying list
    >>folder contents, but I keep getting access denied at
    the
    >>top level shared folder.
    >>
    >>Please can someone help me out, I'm going around in
    >>circles, and I'm convinced I'm just missing something
    >>simple.
    >
    >Can't be done this way with Microsoft Networking -
    Novell Netware can.
    >
    >The only workaround I know is to directly map the
    relevant directory for
    >the users in question:
    >
    >To share:
    >Net Share Australia=D:\Data\Countries\Australia
    >
    >To use:
    >Net Use G: \\Server\Australia
    >
    >The latter obviously requires wrapping in some sort of
    group membership
    >test, like ifmember.exe (Resource Kit) or InGroup
    (KiXtart).
    >
    >Good luck.
    >
    >--
    >Michael Bednarek http://mbednarek.com/ "POST NO
    BILLS"
    >.
    >
  5. Archived from groups: microsoft.public.win2000.security (More info?)

    Ahhh, good point, must have missed that part of her requirements. Sorry.

    That'll teach me to answer any posts at the end of a long day at work.

    Keith

    "Torgeir Bakken (MVP)" <Torgeir.Bakken-spam@hydro.com> wrote in message
    news:e6iUFz1aEHA.3204@TK2MSFTNGP09.phx.gbl...
    > Keith Langmead wrote:
    >
    > > Yes that is possible (just tested it on our network here).
    > >
    > > To do it, give all of the groups access to the root folder (NTFS and
    Share
    > > permissions), then on each of the subfolders, go into the security
    (NTFS)
    > > permissions on each folder, and de-select the 'Allow inheritable
    permissions
    > > from parent to propagate to this object', so you can change the
    permissions.
    > > Remove all of the groups except those you want to have access. Repeat
    with
    > > each sub-folder.
    > >
    > > You'll then find that each user can access the main share, and will see
    all
    > > the sub-folders, but will get an access denied on all folders except the
    one
    > > they've been given permissions to.
    > Hi
    >
    > Well, then Michelle is just as far, because the main goal was to *not*
    > see the sub-folders that the user did not have permissions to open.
    >
    >
    > --
    > torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway
    > Administration scripting examples and an ONLINE version of
    > the 1328 page Scripting Guide:
    > http://www.microsoft.com/technet/community/scriptcenter/default.mspx
Ask a new question

Read More

Permissions Windows