Hello,
Currently I am attempting to setup folder permission son Windows 2008 R x64 for my domain users.
The folder structure as follow:
Data
>Software
>Shared
>Archive
The “Shared” folder will hold department folders such as Accounting, Marketing, Engineering, Manufacturing…etc. So not all user will require access to all folders.
I opened properties for Data>Security tab and granted Domain Admins full access. Next I checked each of the sub folders (Software, Shared, Archive) and permissions have populated correctly.
I logged in as Domain Admin to a machine and when attempted to access \\fileserver\Shared\ I got “windows cannot access”…same error when using server IP address.
I opened the properties for “Shared” folder and enabled sharing via “Advanced Sharing”, removed “Everyone” and added “Domain Admins”. Logged as Domain Admin to a Windows 7 Pro machine and I am able to access the “Shared” folder, delete…etc. All Good so far.
The next step in the process is to give my domain users access to the “Shared” folder and certain sub folders depending on their permissions. We have security groups setup for each department and users are setup as required.
I logged in as regular user to Windows 7 Pro machine and attempted to access\\fileserver\Shared\ and got the message “windows cannot access….etc” and that is correct since no permissions have been granted yet to Domain Users.
I opened the properties for “Shared”, click on Security tab>Advanced>Permissions tab>Change Permissions>Add button and added “Domain Users” with the following permissions (Apply to: This folder only and Permissions: List Folder/ Read Data). I did a logoff and logged in again as a user and when attempted to access \\fileserver\Shared\ I still got the message “windows cannot access…etc”. Next, I opened the properties for “Shared” folder, clicked on the Sharing tab>Advanced Sharing and added “Domain Users” with read only permission. I did a logoff and logged in again as a user and when I attempted to open \\fileserver\Shared| I was able to do so. MY ISSUE…is that when I am logged as a user I can open all sub folders and files under “Shared” even when the “Domain Users” group is not listed in the Security tab for each of the sub folders and files in the “Shared” folder. I would like to all “Domain Users” to gain access to the top level “Shared” folder but when they click on sub folders they will get error message “access is denied” if they are not part of security group for each sub folder. It seemed the sharing permission gave “Domain Users” access to read all contents of the “Shared” folder.
Maybe my knowledge of permissions is not up to date.J and sorry for long message but I wanted to give as much details as possible.
Thanks….B