Making shared Server folders unavailable

Discussion in 'Windows Server Systems' started by Heeter, Dec 17, 2007.

  1. Heeter

    Heeter Overclocked Like A Mother

    Messages:
    2,732
    Hey all,

    I am trying to figure out how to make some server folders unavailable to the regular domain users, but be available to the admin users.

    when I logon as a regular user at a workstation, I start->run->\\Server and all the folders come up, I would only one or two folders available for sharing.

    I would like all of them available for the admin users logged on though.

    Maybe a good tut on this would be much appreciated.


    Thanks,

    Heeter
     
  2. Admiral Michael

    Admiral Michael Michaelsoft Systems CEO Folding Team

    Just curious as to why. If you have permissions setup then you shouldn't worry about unauthorized access.
     
  3. Heeter

    Heeter Overclocked Like A Mother

    Messages:
    2,732
    One of the folders is the iso's/license keys of all the software from the company

    Someone can download this stuff onto thier desktop.

    I don't really know how to setup the correct permissions for this to not happen.

    The users are under "power Users" template in SBS2003 domain controller.


    Heeter
     
  4. Dark Atheist

    Dark Atheist Moderator Political User Folding Team

    Messages:
    6,376
    Location:
    In The Void
    right click on the folder - properties - security - add people/groups to deny or allow list, think its the same when sharing the folders
     
  5. kcnychief

    kcnychief █▄█ ▀█▄ █ Political User Folding Team

    Messages:
    16,948
    Location:
    Massachusetts
    Yeah, just take away read access for those who you don't want to see it. Nothing needed more than that :)

    Would probably want to remove all default groups such as "Everyone", "Domain Users" and/or "Users" too - just leave the user group for those who need to access them.
     
  6. Heeter

    Heeter Overclocked Like A Mother

    Messages:
    2,732
    Thanks Guys,


    I will jump on that right away...................



    Heeter
     
  7. DwarfData

    DwarfData OSNN Addict

    Messages:
    135
    Location:
    Lancashire, UK
    Heeter,

    Another useful tip is to create a hidden share by ending the name of a share with a $
    eg \\server\licence_keys$
    Although this won't modify security it will stop the share appearing when a user browses the network.
     
  8. Dark Atheist

    Dark Atheist Moderator Political User Folding Team

    Messages:
    6,376
    Location:
    In The Void
    but that only works as long as you have admin shares enabled right? what if the registry has been tweaked to not allow them ? one of the first things i do
     
  9. fitz

    fitz Just Floating Along Staff Member Political User Folding Team

    Messages:
    4,076
    Location:
    Chicagoland
    the '$' should work regardless of if admin shares are enabled or disabled. The reg hack to disable them just removes the default c$ (and/or d$/e$/etc) shares.
     
  10. Dark Atheist

    Dark Atheist Moderator Political User Folding Team

    Messages:
    6,376
    Location:
    In The Void
    good to know :)
     
  11. Heeter

    Heeter Overclocked Like A Mother

    Messages:
    2,732
    Hey Guys,

    Thanks a million for all your input. Will do the $ thing too.


    Heeter