-
October 18th, 2006, 01:44 PM
#1
Junior Member
NTFS ACL and user groups
Hi
Can say whether this is the right forum for this question, as this question might come more into AD issues than microsoft security but still i m sure i will get the answer that's why am putting it in here as well.
I got shared folders and have puti n DFS.
Am running Win2k3 SP1 and domain functional level is the highest, i.e. windows 2003
Have created security groups in the AD, and have added some users to the groups.
Now wht i had wanted was to give access to the shared folders to specific groups. By default the sharing permission is everyone read only. I have tried few options to achieve :
1) removed everyone and added the the security groups and the NTFS acl's are default.
2) Also tried with keeping everyone in the shares permission with read and change permission, and in NTFS permissions removed the inheritance and added the security groups with full permissions.
What i wanted is that only specific users get access to specific folders, but using groups i m not able to achieve this. I even changed the groups to universal, global, and domain local, but nothing is helping.
If i add a particular user to the permissions then that user can access that folder, but if the group is added and that user is part of that group then he get access denied.
Where are the permissions conflicting, i just dont know. Or is it that shares through DFS have got some issues with permissions.
Any suggestions or any links to read further on permissions, would be very helpful.
Thanks
You can close your eyes to what you donot want to see,
But you cannot close your heart to what you donot want to feel.
-
October 18th, 2006, 01:47 PM
#2
AFAIK...at the share level users need full control....then you can use the security tab (file and folder permissions)and further define what the users\ groups and do
instead of the Everyone group you can use Authenticated Users
MLF
How people treat you is their karma- how you react is yours-Wayne Dyer
-
October 18th, 2006, 02:38 PM
#3
Junior Member
This has worked, thanks a lot.
But then does everyone doesnot include authenticated users
You can close your eyes to what you donot want to see,
But you cannot close your heart to what you donot want to feel.
-
October 18th, 2006, 02:58 PM
#4
Everyone ...means EVERYONE
Authenticated included..
Although Authenicated doesnt include Everyone
Authenticated is users with a username and password.
MLF
How people treat you is their karma- how you react is yours-Wayne Dyer
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|