Announcement

Collapse
No announcement yet.

File Permission Management

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • File Permission Management

    Hey all, I have a question:

    How can I simplify the management of permissions on a file server?

    We are migrating from a Novell Netware shop to a completely MS shop.

    One of the issues we are running into is setting up file permissions on our file servers using ABE.

    Our Novell admins are having difficulty setting up the proper rights so users only see what they need to see.

    Currently we have several different shares and depending on what Security group a user is in they get assigned the appropriate share. To have more granular access we then have sub-folders which some users need to see and some don't.

    This isn't too much trouble until we need a user to view a file several folders down but not necessarily any other data in those folders.

    We have found that the Admins must grant Read/Write to the file and then go to each parent folder and give them 'Traverse Folder', 'List Folder', 'Read Attributes', 'Read Permissions' rights to that folder. That is apparently a much more complex process than what they needed to do for Novell. (To be fair, we have quite a convoluted folder structure and it will take some time to setup the permissions for all of the files and folders we have similar to the Novell file servers)

    Am I missing an option that states if the user has rights to a file they can browse to that file? Is there a free/inexpensive 3rd party tool that accomplishes this?

    I tried to write an HTA that would allow the admin to browse to a file or folder and set the permissions for each folder in the path using icalcs. Unfortunately, I had enough trouble just trying to get a File Dialog box to work. (Well, one that works on both Windows 7 and XP).

    Any ideas?


    Thanks,
    Major

  • #2
    Re: File Permission Management

    You will have problems with any script that wants file dialogs on Xp and 7 -- use XPMode and stick with one version

    IMHO have a look at your file organisation and see why a user needs deep access but not to parent folders, and consider re-organising so the target is in a different structure (or share it directly)

    If you give users shortcuts to the target folder they should be able to open them without needing traverse rights

    Basically, if you cannot do 99.9% of your security through standard permissions (not advanced) something is wrong!
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    PhD, MSc, FIAP, MIITT
    IT Trainer / Consultant
    Ossian Ltd
    Scotland

    ** Remember to give credit where credit is due and leave reputation points where appropriate **

    Comment


    • #3
      Re: File Permission Management

      Originally posted by Ossian View Post
      You will have problems with any script that wants file dialogs on Xp and 7 -- use XPMode and stick with one version

      IMHO have a look at your file organisation and see why a user needs deep access but not to parent folders, and consider re-organising so the target is in a different structure (or share it directly)

      If you give users shortcuts to the target folder they should be able to open them without needing traverse rights

      Basically, if you cannot do 99.9% of your security through standard permissions (not advanced) something is wrong!
      I wish I could...

      It's the problem that it 'worked like this before' and since we are 'upgrading' we shouldn't lose functionality.

      In our organization our departments work closely together and have users that work on projects across several departments so I don't think we can go totally go away from that model. Granted, it would be nice.

      We thought about using shortcuts but for some users that will mean lots of shortcuts and once again we lose the 'way it worked before'.

      Bottom line is we can't change our file organization because we 'can' accomplish the same thing as before but it is just more complex and convoluted. I am just trying to find an easier management system for our Novell admins and understand if that is not possible. They will just have to suck it up...

      What do you mean by 'XPMode'? Do you mean the UserAccounts.CommonDialog?


      Thanks,
      Major

      Comment


      • #4
        Re: File Permission Management

        No, I mean on your Win7 boxes to run an XP Virtual machine and run your scripts from there
        Windows 7 XPMode for more info
        Tom Jones
        MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
        PhD, MSc, FIAP, MIITT
        IT Trainer / Consultant
        Ossian Ltd
        Scotland

        ** Remember to give credit where credit is due and leave reputation points where appropriate **

        Comment


        • #5
          Re: File Permission Management

          Originally posted by Ossian View Post
          No, I mean on your Win7 boxes to run an XP Virtual machine and run your scripts from there
          Windows 7 XPMode for more info
          Yeah, I misunderstood what you were saying.

          We already have virtual XP machines setup for a few of our admins because of legacy programs.

          That might be one option we could go.


          Thanks,
          Major

          Comment

          Working...
          X