Windows Server 2008 File Sharing Security Help

Discussion in 'Silicon (v)Alley' started by mr man fan, May 2, 2014.

  1. #1 mr man fan, May 2, 2014
    Last edited by a moderator: May 2, 2014
    Hello good people of GC, have a quick question and wondering if anyone here who knows about Windows Server can help me out a little...
     
    Basically I am trying to make certain folders only available to users based on what group they are in. On my network I have 5 groups representing 5 departments in an office. I have a shared space for each of these groups to access. I want, for example, members of my business group to be the only ones (besides administrators) to be able to access the business folder.

    Currently I have these department folders (business, sales, finance etc) as sub folders of a folder called "Departments" . I have granted each of the groups access to the departments folder and then am trying to only allow users to access the department folder that relates to them.
     
    What is happening though is that security permissions are being inherited from the departments folder and so everyone can access the individual folders within and I can not remove, say, the sales people as having permission to enter the business folder.
     
    Is it possible to set individual security permissions within sub folders? Or do I have to have every folder  I want to have special permissions on the root...that doesnt seem right to me though. 

    If anyone can just point me in the right direction from what I have just said I would be more than grateful. 
     
  2. #2 mr man fan, May 2, 2014
    It seems that simply denying the others permission works (rather than removing them). 

    That's fine for now I guess and has solved my problem but it seems to me that there may be a better and more efficient way to do this still...
     
  3. #3 mr man fan, May 2, 2014
    It seems that simply denying the others permission works (rather than removing them). 

    That's fine for now I guess and has solved my problem but it seems to me that there may be a better and more efficient way to do this still...
     
  4. #4 cigarbear, Sep 2, 2014
    It can be done several ways the quickest is just setup folder permissions to do it but remember to tell it not to inherit the permissions of the main folder if using subfolders.
     
    If you are using Active Directory you can always just setup up each department as a group and then assign those groups to the folders. This option makes it easier for administration as you can just add users in the department groups from powershell or users and computers in the directory.
     
    Lastly if you are using AD you can also write a GPO that auto maps the shares to make your life easier
     

Share This Page