TechRepublic|Forums|Networks

Networks

Question

  • Creator
    Topic
  • December 13, 2011 at 10:26 am #2209361

    Am I doing this right, Shared Folder Permissions SBS2003?

    Locked

    by jucream · about 10 years, 5 months ago

    Hi There –

    I work at a very small nonprofit organization and have been handed the task of replacing our server. It is running SBS2003 Premium and I wanted to verify that I went about setting this up right in terms of access to the shared folders.

    We are setting up a domain w/o My Documents redirection. I would like the users themselves to be able to install software on their computer. And want to setup shared folders on our D drive.

    My intentions are to have 3 folders on the D drive setup to share 1 for our computer lab that allows access to Staff Members (Staff); Management (Special Staff), and our clients (Lab User) – all can create, modify, open etc…; A Staff Shared Folder, that can be accessed by Staff Members to save, create, edit share documents etc… and a secure data folder that only Special Staff can access NOT lab users; all folders etc… should not be able to be accessed unless they are a member of these 3 groups.

    I setup 3 security groups:
    Staff
    Special Staff
    Lab User

    I then created 3 User Templates:
    Staff Member (Added security groups: Staff, Domain User)
    Special Staff Member (Security groups: Staff, Special Staff, Domain User)
    Lab User (Lab User, Domain User)

    QUESTION 1: for some reason, in the Properties > Member of, Administrator Template and Power User Template have been added automatically. Is this correct or should I remove these?

    Question 2: I then created 3 shared folders on the D: Drive; Staff Shared Folders, Lab Shared Folders, Secured Data

    D: Drive is setup with Security (Full Control for Administrators and System, all check boxes unchecked for Domain Users)

    Lab Shared Folders – Sharing/Permissions (Domain Users = Full Control); Security (Administrators/Staff/System=Full Control; Lab User = All check boxes EXCEPT Full Control/Special)

    Staff Shared Folders – Sharing/Permissions (Domain Users = Full Control); Security (Administrators/Staff/System = Full Control; Lab Users = Deny)

    Secured Data – Sharing/Permissions (Domain Users = Full Control); Security (Administrators/System/Special Staff = Full Control; Lab Users = Deny)

    I have read a lot in the SBS 2003 administrators companion and online and have been having a hard time wrapping my mind around this. If someone could help point out if these setting are correct for what I want to do, I would greatly appreciate it!

    Justin

    Topic is locked This conversation is currently closed to new comments.
  • Creator
    Topic

All Answers

  • Author
    Replies
    • December 13, 2011 at 10:26 am #2445295

      Clarifications

      by jucream · about 10 years, 5 months ago

      In reply to Am I doing this right, Shared Folder Permissions SBS2003?

      Clarifications

    • December 13, 2011 at 12:42 pm #2445286

      Two things…

      by cmiller5400 · about 10 years, 5 months ago

      In reply to Am I doing this right, Shared Folder Permissions SBS2003?

      Remember, Deny permissions take precedence over allow, even for administrators.

      Also, giving Full Control of a folder to a non administrator allows them to change security permissions on that folder, thus making your life harder if someone is ambitious… Consider giving them just what they need (Modify, Read & Execute, List Folder Contents, Read, Write) essentially everything but access control to the folder.

  • Author
    Replies
Viewing 1 reply thread