Allow shared folder access only to specific clients

file-permissionsnetwork-sharewindows-server-2008

I am kind of new to networking and I am trying to resolve the following situation. I tried to find a solution but I couldn't find anything proper that suits my needs. Maybe anyone here could give some clarification whether it's possible or not in the first place.

The Situation:
At home I have set up a Windows Server 2008 R2 standard edition mainly as a file server.
I added some shared folders for everyone at home to access. Including a folder backup.
In that folder there is a sub folder for every family member at home. Right now, everyone is able to access all folders without asking for username / password.

What I want
That when someone tries to access the backup folder for user1, that it asks for the credentials of user1 (accessed from his/her desktop). So that only the specific user is able to access his or her backup.

I tried

  • Creating an account for every user and give only that user rights on the shared folder.
  • Changing the shared settings of the backup-folder itself.
  • Re-sharing the user1backup folder for that user only, but this creates a complete new share (and still doesn't work).

Would it be possible to prompt for username/password (which the account has been manually made on the server) when someome tries to access that folder?

If not, are there any alternatives for this (third party tools, other methods) which someone could point out to me?

Best Answer

  1. Every user will need a separate account. (All access control in Windows is based on users.)

  2. Decide to either use permissions on shares, or have a share with full access for everyone and use permissions on the underlying folder.

#2 is to avoid making things very confusing: two sets of permissions being applied just makes working out what is going on much harder.

The simplest approach would be for each user to have their own share (only they have read and write access to it) over their own folder.

Alternatively you have one share, with the subfolders with permissions limiting it to that user.

You can create an access control list (ACL: the structure that is applied to files and folders1 to defined permissions) that would allow everyone to read everything but only the creator of a file can change/delete it but that is more advanced.

The easiest way is to create on each user's folder an ACL:

  • Do not inherit parent permissions.
  • The user has full control.
  • Administrators have full control.
  • Applied to this folder and all child files and folders.

1 And to anything else in Windows with access control.

Related Topic