Registered users    
MembershipMembership:
Latest New UserLatest:John Smith
New TodayNew Today:9
New YesterdayNew Yesterday:10
User CountOverall:22877
Private messaging    
You must be logged in to use this module.
Top 10 posters    
NamePosts
Mariette Knap12481
Marina Roos11720
Eriq Neale2071
Michael Patrick1901
Stan Guinn1806
Robert Pearman1717
Nick Pieters1425
Stewart Brown609
Kevin D.563
Eddie Kerr534
Welcome unauthorized visitor    
If you want to join us in the discussions on this forum you need to register first. Registration is free! If you are already a registered user please login to join the forum.
Small Business Server Support Forum    
Forums > Microsoft Smallbusiness Server > Small Business Server 2003
Subject: Restricting Access to Shared Folder
Prev Next
You are not authorized to post a reply.

Author Messages
Mike Lambert User is Offline
United States
Member since
4/4/2005

Registered Users
Posts: 239
7/21/2008 06:23 PM  
We have about 5 computers in the shop that are used by 5-10 different employees.  To handle the logins I created a general user account called SHOP.  Every computer is logged in with this user.  We have some shared folders on the server and the permissions have been controlled by user groups.  so far this has worked fine but today the manager from the shop wanted to change a file on the shared folder and he does not have permissions to do this.  The manager does not have his own computer so it is logged in with the SHOP user.  And since the SHOP user only has read rights he can't save his file. 
 
I don't want to make him log in as a different user because the computer he uses will also be used by other people that shouldn't have write access to the shared folder.  I guess I could have him log in and out as he uses it but that would be very inconvenient.
 
Is there a different way to control access to the shared folder?  Can you make it ask for a password before you can access the folder like you can do with multiple user profiles on Outlook?  Any other ideas?
 
Thanks, Mike
Andy Sims User is Offline
United Kingdom
Member since
4/7/2005

Platinum Membership
Posts: 212
7/24/2008 12:07 PM  
Personally, I would never set up a system like this as you loose so much control on users (and accountability/traceability for legal purposes), but if it works for you that's fine. A possible solution would be for the manager to also have a separate user account with write access to the share. This account could be used on a client logged in as SHOP to "run as" the application needed to edit the file in question. The application then runs in the context of the enhanced user account and should be able to save to the share. May be worth a try.
Mike Lambert User is Offline
United States
Member since
4/4/2005

Registered Users
Posts: 239
7/24/2008 01:20 PM  
Good idea with the "Run as" feature.  I'll take a look at it.
 
I tend to agree with you but I don't know how else to set it up so that the guys in the shop can use which ever computer is open.  They use the computers to write cutter path for CNC machines and sometimes once they get the program started, it can take hours before the entire path is done so the computer has to sit there until then.  That user would either do setups on the machines or would find a different computer to write other cutter path.  The guys in charge here have told me the only thing they don't want is for the users "to be logging in and out all day when they should be working".  They are not the most accepting when it comes to this stuff.
 
How else could I have set this up to allow better control? 
 
Thanks, Mike
Andy Sims User is Offline
United Kingdom
Member since
4/7/2005

Platinum Membership
Posts: 212
7/24/2008 01:56 PM  
Don't think I can think of a better solution but others on this forum may have one. It's always a balance of security versus useability and sometimes you must have a set up that fits the working practices, even if this is not optimal from a system admin perspective. Looks like you have sorted out something that works and keeps people happy. If the SHOP account is relatively restricted and is not used for email/web access, then there is probably not an issue: you know your guys and have obviously assessed the risk/useability balance.

Hope "Run as" will work!
You are not authorized to post a reply.
Forums > Microsoft Smallbusiness Server > Small Business Server 2003 > Restricting Access to Shared Folder


ActiveForums 3.7
Forum policy    
These Discussion Forums are dedicated to the discussion of the Small Business Server and related server and client software. For the benefit of the community please observe the following posting guidelines:
  1. No Advertising. This includes promotion of commercial products and non-commercial products which are not directly related to Small Business Server and related server and client software.
  2. No Flaming or Trolling.
  3. No Profanity, Racism, or Prejudice.
  4. Site Moderators have the final word on approving/removing a thread or post or comment.
Copyright 2002-2008 Concentrix b.v.    :   Page generated in 0.2343765 seconds.   :   Terms Of Use   :   Privacy Statement