W2k Server/ Permissions Questions

[Dokeman]

I have a win2000 server that is being used as an file/applications server. More as a file server though. They way it works, is that some of the software my client uses *requires* there be a mapped drive to the root of the drive on the server. Its the D:\ drive on the server, but mapped as J:\ on the workstations. About 10 workstations btw. Anyways, they called me saying that some of the employees have been browsing around on the J:\ drive looking into stuff that they shouldn't see.

ex. Everything is stored on the D:\ including the network programs that some of the employes use, and the quickbooks data that other employees use which dosent need to be seen buy some people. Anyways, my client is worried about some people browsing around on the j:\ drive. My question is how can i prevent this from happening. Idealy i want to make it so that when a person logs on, that controls which folders they have access to. I want it so that certain users dont get access to the quickbooks folder. Whats the best way to do this?

[John Prophet]

wow....he has returned! Long time no see.

(I still dont know anything about permissions, lol)

[John Prophet]

I suppose you need to make a "group" that cant access the j drive...and put all those particular users in that group...and that way the most restrictive policy will apply.

[AzKidd69]

make a special group for people that need accesss to certain patrs of D:, then make the needed people part of that group. and then in those certain restricetd parts add the special group to it and remove the everyone permissions don't ever mess with system permissions tho...

so for example.. let's say on D: you have 3 folders D:\generalBS D:\Research_and_development D:\financial

the permissions on
D:\ drive root) itself would include everybody

D:\general would include everybody

D:\financial would only have the admins, system acct and the finance dept personnel

D:\research_and_development would have only admins, sys and R&D personnel

I hope you get the idea

[Dokeman]

well the only concern i am having is that if i restrict access via groups, is that some of the software that they use requires read/write access. All i guess i really need to do is make 1 folder that only a certain group has. So i guess i need to make a group that has full access and another group that has full access except for one folder..... Is that possible???


Thanks for the welcome back...it has been a while


edit.. typed all this while you were submitting... Do u think that would work... I dont see why not..


And could someone throw down some directions or a link with some directions

[DVNT1]

I would also recommend creating a group of users who need access. Add their rights and take away the Everyone Group. THat way by default, new users won't have rights to the restricted areas.