Announcement

Collapse
No announcement yet.

Is it possible? Permissions question.

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Is it possible? Permissions question.

    Here at the company I am working for we are currently working towards the migration of our file storage. File storage is currently on an Novell Suse Linux platform and we are moving to a Windows Server 2008 environment. One of the main problems we are for seeing is the lack of users being able to change who can access there files. For example if Fred has a file and he wants Mary to be able to access this file, but nobody else he can change the properties of that file to enable Mary to have access. With this scenario it is currentliy working fine with Novell but I have yet to found away around it in Windows Server. A great deal of employees use this feature as well. Any ideas?
    THANKS!

  • #2
    Re: Is it possible? Permissions question.

    Probably you have to make a special permitions to a group of users, to permit users to change the access permitions to a folder. You can't give them admin status or else they can change everything. Probably someone with more experience or , that allready made something like that can help you.

    Comment


    • #3
      Re: Is it possible? Permissions question.

      With Windows, providing you grant a User or Security Group Full Control to a folder/file, they can change and add permisisons. If you make a User or Security Group an owner as well, they can also change permissions.

      Comment


      • #4
        Re: Is it possible? Permissions question.

        So if I would grant "Fred" full control of a folder on the Windows server he could change and edit permissions of that folder?
        Thanks for the help.

        Comment


        • #5
          Re: Is it possible? Permissions question.

          That's right. It's a common error for administrators to always grant Full Control when wanting to allow users to edit and delete documents. Best Practice is to use a Domain Local Group for the resource. e.g. A Domain Local security group appropriately named, e.g. DL_Finance_Full, Read or Modify as appropriate. The Domain Local group is granted the permisisons. You then create Global Groups and add the appropriate users to them and add those to the appropriate Domain Local group. This makes it convenient when assigning permissions. You only have to change the Groups a user is a member of. The DL groups never need to change.

          Shares tend to be assigned 'Full Control' to everyone and then NTFS permissions lock it down. You can go further and use specfic groups as well but it gets more difficult to manage.

          Use 'modify' NTFS permission to allow delete and edit etc and Full Control, if you want users to be able to take ownership and assign permissions.

          Comment


          • #6
            Re: Is it possible? Permissions question.

            Thanks! I think our best option is to allow supervisors the ability to edit file permissions.

            Comment


            • #7
              Re: Is it possible? Permissions question.

              Originally posted by Virtual View Post
              That's right. It's a common error for administrators to always grant Full Control when wanting to allow users to edit and delete documents. Best Practice is to use a Domain Local Group for the resource. e.g. A Domain Local security group appropriately named, e.g. DL_Finance_Full, Read or Modify as appropriate. The Domain Local group is granted the permisisons. You then create Global Groups and add the appropriate users to them and add those to the appropriate Domain Local group. This makes it convenient when assigning permissions. You only have to change the Groups a user is a member of. The DL groups never need to change.

              Shares tend to be assigned 'Full Control' to everyone and then NTFS permissions lock it down. You can go further and use specfic groups as well but it gets more difficult to manage.

              Use 'modify' NTFS permission to allow delete and edit etc and Full Control, if you want users to be able to take ownership and assign permissions.
              All great advice but i would change the share permissions to Authenticated Users with Full Control.

              My own personal way of doing it so it won't fit with everyone.

              Comment

              Working...
              X