Forum Search:
Forum.Brain-Cluster.com: Brain Cluster Technical Forum
Ultimate forum for Technical Discussions

Home » Microsoft » Windows Server » Active Directory » Re: access one folder only
Re: access one folder only [message #156509] Thu, 18 June 2009 10:02 Go to next message
florian  is currently offline florian  Switzerland
Messages: 484
Registered: July 2009
Senior Member
Howdie!

"dlw" wrote:
> We have a network drive that everyone has full control. Now I need to set
> it
> up so one user is denied access to everything but one folder. Is there an
> easy way to do that?

Deny that person access to the other folders.

Cheers,
Florian
--
Microsoft MVP - Group Policy
eMail: prename [at] frickelsoft [dot] net.
blog: http://www.frickelsoft.net/blog.
Maillist (german): http://frickelsoft.net/cms/index.php?page=mailingliste
Re: access one folder only [message #156520 is a reply to message #156509] Thu, 18 June 2009 12:43 Go to previous messageGo to next message
dlw  is currently offline dlw
Messages: 38
Registered: September 2009
Member
we are talking about several hundred folders on the drive
I might as well set up some groups and do it the right way...

"Florian Frommherz [MVP]" wrote:

> Howdie!
>
> "dlw" wrote:
> > We have a network drive that everyone has full control. Now I need to set
> > it
> > up so one user is denied access to everything but one folder. Is there an
> > easy way to do that?
>
> Deny that person access to the other folders.
>
> Cheers,
> Florian
> --
> Microsoft MVP - Group Policy
> eMail: prename [at] frickelsoft [dot] net.
> blog: http://www.frickelsoft.net/blog.
> Maillist (german): http://frickelsoft.net/cms/index.php?page=mailingliste
>
>
Re: access one folder only [message #156536 is a reply to message #156520] Thu, 18 June 2009 22:01 Go to previous message
aceman  is currently offline aceman  United States
Messages: 5816
Registered: July 2009
Senior Member
"dlw" <dlw@discussions.microsoft.com> wrote in message
news:87D1960A-74F7-48F8-97E6-9021FEF29412@microsoft.com...
> we are talking about several hundred folders on the drive
> I might as well set up some groups and do it the right way...
>

If you have several hundred, yes, remove the Everyone group, as already
advised, and specifically create groups based on role, function or both, and
add the groups with their respective permissions appropriately. Be careful
with the Deny permission. If any of the users overlap groups and you add the
two groups a member is in, and you deny one of them, well the deny precedes
the permission on the other group they're in effectively denying them. That
is called an explicit deny.

It is better in many cases, to simply add the groups that are allowed and do
not add the ones that are not. If the group or account is not in the ACL,
they are implied no access, therefore they cannot access it. If you have to
add the user later to the group to allow access, then they will be able to
access the resources without fear of an explicit denial that will prevent
them otherwise.

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSA Messaging, MCT
Microsoft Certified Trainer
aceman@mvps.RemoveThisPart.org

For urgent issues, you may want to contact Microsoft PSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

"Efficiency is doing things right; effectiveness is doing the right
things." - Peter F. Drucker
http://twitter.com/acefekay
Previous Topic:Re: search by last name in Select Users, Computers, Groups dialog?
Next Topic:Slow Application Access after joining the client to Domain
Goto Forum:
  


Current Time: Fri Oct 20 02:53:45 EDT 2017

Total time taken to generate the page: 0.05201 seconds
.:: Contact :: Home ::Sitemap::.

Powered by: FUDforum 3.0.0RC2.
Copyright ©2001-2009 FUDforum Bulletin Board Software