No announcement yet.

Share Read/Write ->same group

  • Filter
  • Time
  • Show
Clear All
new posts

  • Share Read/Write ->same group

    Hello again to everyone ,

    I have this situation.
    Server 2003 + AD + more Winxp station + 1 Share file server.

    We have here a distribution group with more then 30 people in it.

    What i have to do :

    I have to create a folder that i can share(on the share server) for this people but only some of them to have write acces in that folder and the rest only read rights.
    The problem is that all the persons in this group log on with the same credentials and if i want to share the folder i cant separate them (i saw that u can do that if u add the computers in the share/permission box but it doenst work)

    If u guys have any ideeas it would help me a lot.

    P.S. Please dont tell me that i should make them different logon cause for now its to much job to do .
    P.S. If i didnt get understood i will try to explain better my problem.

    Thank you very much


  • #2
    Re: Share Read/Write ->same group

    You can do this by placing your users in two separate new groups.

    Distribution groups are for sending emails, so do not use those. Also, do not set computer permissions - we are going to add some groups and use those to separate your users into two teams, without removing them from any existing groups. Your user logons will stay the same.

    What you need to do is to create two new security groups. I will call one group MYREADONLYGROUP and the other group I will call MYREADWRITEGROUP.

    Add some of the users to the MYREADONLYGROUP, those users being the ones who are only going to be able to read, and not write, to the folder. Then add the users who need more power to the MYREADWRITEGROUP.

    If you need any help on creating security groups or with adding users to those groups, let me know and I will tel you how to do that. I think you may know how to do that already.

    Now, on the shared folder, right click and select properties. On the Sharing tab, click Permissions and set Everyone to "Change" and "Read" (that's because you are setting the permissions on the share rather than the folder at this stage) and click OK.

    Then, to set the permissions on the folder, on the Security tab click Advanced and remove the tick that says "Allow inheritable permissions..." and click OK: when it asks you, click the Remove button.

    Finally, (we're still on the Security tab), we will add the groups we want and we will give them the correct permissins:

    1. Add the Administrators group (or the Domain Admins group) and then give them Full Control.
    2. Add the MYREADONLYGROUP and give them read only permissions by ticking the appropriate box. Actually, the correct boxes may be ticked already, as the default permissions given are read/execute/list which is OK.
    3. Add the MYREADWRITEGROUP and give them Modify permissions. When you tick Modify, the Write permission gets ticked automatically also.
    4. Click OK OK

    Go to a workstation, log off, then log back on again and test what you have done for a readonly user by trying to create a new document in that folder. Then test it again for a read+write user. Finally, test that an Administrator has read/write permissions too.

    Your previous distribution group should not be shown in the permissions security list at all. You have made no changes to your distribution group and you have made no changes to any logins.
    Best wishes,
    MCP:Server 2003; MCITP:Server 2008; MCTS: SBS2008


    • #3
      Re: Share Read/Write ->same group

      Thank you very much Paul , i will try this tomorrow and i will came back with a replay.


      • #4
        Re: Share Read/Write ->same group

        hey again Paul , unfortunatly ur ideea didnt work probably that the computer does not know whos credential are used when trying to acces the folder , but i find a way :
        I mapped the drive and you have there a small box : Connect using a diffrent name
        EASY as that

        Thank you very much


        • #5
          Re: Share Read/Write ->same group

          That must be because the users are not logging on with domain credentials. you must have setup your users as local user accounts. I think your computers are not joined to the domain, so the user accounts that people are using to logon to the computer are not known by the domain controller.

          In this scenario, a user will logon to his workstation locally but the domain controller has no idea what user account has been used. this is not the proper way to do things, and so that is why your users are getting a password prompt when they are trying to access the share.

          Normally, system administrators would join the workstations to the domain and then have the users logon to the domain so that the DC knows what account is being used. In that scenario, file and folder security as outlined above will work correctly and give you all the power and flexibility of NTFS security that you may need.
          Best wishes,
          MCP:Server 2003; MCITP:Server 2008; MCTS: SBS2008


          • #6
            Re: Share Read/Write ->same group

            Hey again and thank you for your time,
            Well all the computer here are in the domain , the users are conecting with the credentials from the AD.(100% )

            Well i wanted to use the Mapped Drive ideea but now i am facing this .

            On the Share server i created a folder TEST(NEW FOLDER ATTN) , and i wanted to mapp(With the DIFFERENT USER NAME Option) it but i got this error :

            Its an odd error and i am 100 % sure that its not already mapped as show in the picture .
            Can you help me with this ?
            Attached Files


            • #7
              Re: Share Read/Write ->same group

              I don't follow you - the whole idea behind logging onto the domain is that the server knows EXACTLY who has logged on (and therefore who is trying to access the folder), so I do not understand what you mean here:
              Originally posted by bnoyzf24 View Post
              ...that the computer does not know whos credential are used when trying to acces the folder ,
              and yet you say they are logged onto the domain.

              Don't get sidetracked with the mapped drive idea. Try to learn how to setup a shared folder with the correct permissions properly because that is the correct way to do it, I assure you.

              First check a few things:
              1. What is the DNS server setting of the client PC?
              2. What is the IP address of the domain controller?
              3. When the users press Ctrl+Alt+Del to logon, do they have three boxes: a username, a password and a domain name?
              4. What is showing in that third box on the logon screen?
              5. Did you set the SHARE permissions to give "Everyone" read and write access?
              6. Check the group membership for one person who should be able to read and write to the shared folder.
              7. Check the NTFS permissions of that folder as instructed in my earlier post.

              Please try to get this one solved by using the proper way to do it - if you get yourself distracted into other methods you won't learn the correct way (which is much more powerful), and you will be floundering about trying stuff out and if you do get it working some other way you will not really understand why it works. So let's focus on making sure the SHARE permissions, the NTFS permissions and the Group Membership are correct. Then it will all work and you can build on that.
              Best wishes,
              MCP:Server 2003; MCITP:Server 2008; MCTS: SBS2008