Am I doing this right, Shared Folder Permissions SBS2003?

By jucream ·
Hi There -

I work at a very small nonprofit organization and have been handed the task of replacing our server. It is running SBS2003 Premium and I wanted to verify that I went about setting this up right in terms of access to the shared folders.

We are setting up a domain w/o My Documents redirection. I would like the users themselves to be able to install software on their computer. And want to setup shared folders on our D drive.

My intentions are to have 3 folders on the D drive setup to share 1 for our computer lab that allows access to Staff Members (Staff); Management (Special Staff), and our clients (Lab User) - all can create, modify, open etc...; A Staff Shared Folder, that can be accessed by Staff Members to save, create, edit share documents etc... and a secure data folder that only Special Staff can access NOT lab users; all folders etc... should not be able to be accessed unless they are a member of these 3 groups.

I setup 3 security groups:
Special Staff
Lab User

I then created 3 User Templates:
Staff Member (Added security groups: Staff, Domain User)
Special Staff Member (Security groups: Staff, Special Staff, Domain User)
Lab User (Lab User, Domain User)

QUESTION 1: for some reason, in the Properties > Member of, Administrator Template and Power User Template have been added automatically. Is this correct or should I remove these?

Question 2: I then created 3 shared folders on the Drive; Staff Shared Folders, Lab Shared Folders, Secured Data

Drive is setup with Security (Full Control for Administrators and System, all check boxes unchecked for Domain Users)

Lab Shared Folders - Sharing/Permissions (Domain Users = Full Control); Security (Administrators/Staff/System=Full Control; Lab User = All check boxes EXCEPT Full Control/Special)

Staff Shared Folders - Sharing/Permissions (Domain Users = Full Control); Security (Administrators/Staff/System = Full Control; Lab Users = Deny)

Secured Data - Sharing/Permissions (Domain Users = Full Control); Security (Administrators/System/Special Staff = Full Control; Lab Users = Deny)

I have read a lot in the SBS 2003 administrators companion and online and have been having a hard time wrapping my mind around this. If someone could help point out if these setting are correct for what I want to do, I would greatly appreciate it!


This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Answers

Collapse -

Two things...

by cmiller5400 In reply to Am I doing this right, Sh ...

Remember, Deny permissions take precedence over allow, even for administrators.

Also, giving Full Control of a folder to a non administrator allows them to change security permissions on that folder, thus making your life harder if someone is ambitious... Consider giving them just what they need (Modify, Read & Execute, List Folder Contents, Read, Write) essentially everything but access control to the folder.

Related Discussions

Related Forums