|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Share Permissions
Monrad.DC
forces.gc.ca
Date: Tue Sep 05 2006 - 09:38:42 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
We have several W2K3 file & print servers maintained by our server team.
I am trying to follow least privileges principles and set up permissions for our account operators to have the minimum required rights on these servers to do their jobs.
Done:
1. Create personal folders - No problem, NTFS rights on a folder for user drives solves this.
2. Set permissions on personal folders - No problem - Full rights for techs so they can set permissions.
Problem:
Create shares - As far as I can tell, only power users and administrators have the rights to create shares.
I don't want the account operators to have the additional rights that come with the power user group.
Bonus Problem:
We have numerous drives holding different shares based on department and function. Giving the account operators rights to traverse through the root share on all non -system shares would ease their job. The ability to create a share using MMC and navigate through the root to the user share is just one example of this. I have not been able to find a way to effectively change the permissions on the root share (i.e. F$) without disabling all admin shares and creating more problems after a reboot or server service restart.
Any help would be appreciated.
Drew
---------------------------------------------------------------------------
---------------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]