Hello Computing Net,

I'm new to the Active directory environment. I need to give a user access to a shared folder. I logged on as myself; Located the shared folder; Right-clicked on the shared folder; clicked the Permissions tab; added user to the list of other user there with the exact access Privileges; I log off; user logs in to access new folder but they recieve the Access denied message.

What do I need to perform to give this user access to this share?

Are you setting the Security for NTFS or for the share access?

If you're adding multiple users to this share, the best way to manage permissions is to create a group, then add the users to that Group and the group to the permissions.

Life's more painless for the brainless.

I want to give this user access to this shared folder only, including all sub folders as well. I may have misunderstood your question though...

Thanks
Zip

I would go to the security tab instead of the sharing tab and clicking permissions, disable inheritive rights on the shared folder and then add the user and give him/her the permissions you want.

I like long walks, especially when they are taken by people who annoy me.

1. Go to the Sharing tab, click Permissions, add Authenticated Users and give Full Control, then remove all the others form the list. Make sure you FIST add the Authenticated Users; otherwise you loose the control to the share.
2. Go to the Security tab and give the User the rights you want him to have.

I think this is what Microsoft recommends.

superB

No. You don't want Authenticated Users to have Full Control. You want to grant access only to the users who should have it. And do NOT remove all other users from the list. System should stay if it's in the list, and Administrators should always be in the list, NTFS and Shared Permissions.

Users who need access to the share should have Modify, but not Full Control.

Life's more painless for the brainless.

Jennifer, I was talking about the Sharing tab and you are talking about Security tab. Please read my post once again.

The Sharing tab is useful because then you can access it by \\ServerName\ShareName\. Of course NTFS security is better than Share security and recommended by Microsoft.
And also I agree that on the Security tab it is recommended the user to have Modify-Allow.

superB

Zip,
As you are new to the AD environment, let me clarify some points here.

The Sharing tab is useful because then you can access it by \\ServerName\ShareName\, otherwise the user will have to type \\ServerName\Folder1\SubFolder2\...\SubFolderN\ShareName\ - I hope you got it – and it’s more time consuming.

Microsoft says NTFS rights are not only better and more granular but also overrides Share rights. So there is no point to use Share rights, just add Authenticated Users and give Full Control, then remove all the others form the list. Make sure you FIST add the Authenticated Users; otherwise you loose the control to the share.
Microsoft recommends us to use Authenticated Users instead of Everyone, just to give a little bit of security in the Domain.

Now go and play with the NTFS rights on Security tab.
Do not touch the Creator Owner, Security, Administrators and Domain Admins groups until you gather more experience.
Add the user and start by giving him the Modify-Allow rights. For special permissions click Advanced then Edit.

Jennifer has a good point at Response Number 1, create a Group and add the user to the Group, then set the NTFS rights for the Group. If another user2 joints the Group, just add user2 to the Group and automatically he’ll have access to the ShareName.

superB

Thanks for the input, but I was not talking about the "Security Tab." I was talking about Share Permissions. One should set permissions for both NTFS and Sharing. For more security, shares should be Admin shares. There's no reason for users to see shares they don't have the need for or access to.

"Microsoft says NTFS rights are not only better and more granular but also overrides Share rights. So there is no point to use Share rights, just add Authenticated Users and give Full Control, then remove all the others form the list." Can you post the URL for where this is stated?

Life's more painless for the brainless.

Adding users to both the Share and File permission only adds confusion and does not increase security.

The Permission tab is for Share permissions. On non-NTFS volumes, this is the only option for setting security but on NTFS volumes, use NTFS permissions...aka, file permissions.

Use the security tab to set NTFS permissions.

You can set the Share permissions (permissions button) to Authenticated Users Full Control as long as you have the proper NTFS permissions (Security tab)enabled. When NTFS and Share permissions combine, the most restrictive wins. Therefore the fact that Share permissions are set to Full Control is irrelevant since the only resulting permissions will be whatever is set via NTFS permission. So - set the Share permissions to Authenticated Users or even Everyone Full Control. Set the NTFS permissions for the appropriate users.

I agree you should use groups to set permissions. In fact, you should try to never give NTFS permissions to individual users. Give the permission to the group, then add people to the appropriate group.

By the way, they will not necessarily automatically have access. If they are newly added to a group, they will need to log off and back on their computer before the group change is recognized.

Thanks everyone,

WOW! This forum is Fantastic! I did create a Group and gave the appropriate permissions to that group. It worked! I may have a ton of future questions; is there a limit of how many questions I can asked within a week? or ask and resolve one at a time?

Zip...