NTFS permissions

[Guest]

Hi,

I need to set up a public folder which will hold separate subfolders for
each user on the system (htere are 20 users)

Each of these subfolders needs to be accessible from the clients running win
XP
and each of them needs to be accessible to only user it belongs to (so user
will be able to read/create/delete files/folders within it, while other users
on the system should have no access to it at all)

I tried to set up permissions so that "user1" has "Full NTFS permissions"
for "user1" folder and I removed the "Users" group "Read" permissions that
was inherited from its parent folder, as a result when i try to access
"user1" folder from win XP client (logged on as "user1") I can rad the
contents of the folder but I can't write to it even though "user1" has Full
NTFS permissions". Other users can't access the "user1" folder, which is fine.

Can you please give me an advice on how to solve my problem and am I on the
right track?

Kind regards,
Slobodan

 

[mark]

I am guessing you have a share set as USERS and then each users folder
inside of it?
Example: USERS\User1 , USERS\User2, etc.

If so, check your share permissions of USERS - you probably have "Everyone"
set to read only.

 

[Guest]

Hi Mark,

The only group in USERS folder is "Users" they have "Read" share permission
and
"Read", "Read and Execute", "List Folder Contents" NTFS permissions.
I removed the Everyone group from USERS folder so it does not apperar in the
list of usres/groups.
I also didn't want to give more powerfull permissions other than "Read" to
"Users" group because it would allow them to delete each others folders and
also allow them to create files and folders outside their directories, which
is not the way I want it to be.

Any suggestions?

Kind regards,
Slobodan

 

[mark]

Hello again

Think of it this way - share permissions decide who is allowed what
permissions to the share resource. The NTFS permissions actually let them do
something on disk. If you set "Everyone" to read/write but NTFS permissions
only allows Administrators any access, "everyone" can connect to the share
resource - but only admins can read, write or do anything productive.

With share permissions and NTFS permissions, the most strict permission
always wins. In your case, since your share permission is only read for
"Users" - nobody connecting to that share as a member of the "Users" group
will ever be able to do more than read.

Now, it may be the late hour, but if you are going to use NTFS permissions
to explicitly allow or deny access to the subfolders, you should be able to
set "Users" share permissions to read/write on the USERS folder - and then
on your users subfolders you would use NTFS to restrict access to an
individual user (ie. remove "Users" group from NTFS permissions, and add in
the individual user that will have control of that folder - you may have to
"uninherit" permissions from parent folder.)

Looking something like:
USERS : "Users" Read/Write Share Permissions
USERS\JohnDoe : Only have JohnDoe with FullControl (along with admins and
backup operators of course )

That sort of make sense?

 

[Guest]

Great Mark,

That solves my problem

Regards,
Slobodan