Asif <(E-Mail Removed)> wrote:
> need one thing.
> I want share a folder through server and also sub folders like
>
> i create one folder in server drive name is Common
> and create 4 sub folders 1-sales 2- marketing 3-documents 4-contacts.
>
> now i have 4 client in active directory all are only users group
> members and created in one ou name workers
> user1, user 2, user3, user 4
>
> now i want set different permissions on all
> i have to set the permissions that for user 1 can access sales and
> marketing folders full and documents only read.
> user 2 can access only read all the folders.
> user 3 can access read sales and write in contacts
>
> i go right click on common folders and share and go in permissions
> enter every one full control
> and then go in sub folders add all members in all folders and set the
> permission in security tab because all sub folders are not shared so
> go in security tab and click user one give read and write access. then
> go in documents folder in security tab add user and give only read
> permission and set same to all
I suggest you rethink this approach, and don't set different permissions on
subfolders within any given shared folder. That can become a nightmare to
maintain.
Instead, keep things simple - set up Sales, Marketing, Documents and
Contacts, as four individual shared folders (at the same level in the file
system). Then you can very easily use groups to lock down the NTFS
permissions.
E.g.:
d:\data
\Sales)
\Marketing
\Documents
\Contacts
Share each as a hidden share (e.g., SALES$, MARKETING$) to keep them hidden
from browsing. Set up your AD security groups (Sales, Marketing, etc) with
Modify rights - keep Administrators & System = full control. Copy the parent
folder permissions and then remove any other groups in there, such as Domain
Users.
Keep the share permissions on Everyone=Full Control.
> but the problem is that those user who have only read permission they
> can copy and paste in local drive and when open any files in share
> folder bcoz they have read permission so they can open the file and
> add some entries but after saving it gives access deny give in another
> location on ur local hard disk can save
> 1-i want user cant copy and past data in local drive mean any of data
> which is available in network share folder user cant copy in local
> hard disk or any external drive like usb
If someone can access a file at all, they can copy it. So, none of this
addresses your data security request, which is another issue. You really
can't control this, not without digital rights management and whatnot (I
know nothing about that).
If you're using Active Directory, you can centrally lock down access to USB
drives, and the local hard drive, via group policy, but that's a question
for another newsgroup (if you post in microsoft.public.windows.group_policy,
be specific about the "locking down" bits - don't include all the file
share stuff you posted in here, as it won't be relevant).
Hope this helps.
>
> please give me the solution i m in trouble.so please help me.
> I shall be thankful to your this efforts.
>
> Best Regards
> Asif Iqbal
> Dubai.UAE
|
Similar Threads
Linear Mode
