I come from the *nix world, so apologies if this is a trivial question. I did my best to find a solution by searching the archives, to no avail.
I'm setting up a fileserver for very small office, total 4 people. The computer will mainly serve as a subversion repo, in addition to serving shared folders.
There are 4 people in the office, say A,B,C and D. A also administers the machine.
So in the Win7 system, we created 5 accounts, A,B,C,D and an admin account, which will be used by user A.
Now, what we want to do is, restrict a certain directory to be only readable/writable by user A, restrict another directory to be only accessed by users B and C, and restrict another one to be only accessed by D. Access here means, full read/write/modify privileges. Other users should not be able to read the directories and contents.
All these users are classified by Windows as belonging to 'Users' group, and also, 'Authenticated Users' group. So when we 'deny' access to a folder to USERS group, so we can then create another group to grant permissions, since the DENY on the USERS group has precedence, no user can access that folder.
How can we go about restricting access to individuals?
Regards,
Best Answer
With a setup this simple, just remove all ACEs from each folder, then add just the users you want to access the folder, set them to Full Control. It's that easy. Do not use Deny, it's the path to the dark side for the uninitiated. Don't use the Users or Authenticated Users groups; groups are powerful and necessary in larger setups, but for just 4 users I wouldn't bother.