I have some sensitive files, that should be accessed only by a small group of users. Currently the files are stored in a folder, on a WinServer 2012 machine, and will be accessed via a mapped location shortcut (using windows explorer).
What I want, is to restrict the access to everybody (except the server’s administrators of course), and then grant it to those 2-3 users. The problem is that the Deny rule takes precedence, and if I deny access to Users group, somehow it cuts mine too (even though I’m an administrator).
How should I set the rules so that ONLY the Administrators and users X, Y, Z have access? Not even authenticated users shouldn’t be able to access the folder.
Thank you very much!
Daniel
Answer
On the security tab just add the users that you want to have access, or create a group with just those users in and then add that group.
In windows a user only has permissions if they are granted permissions. If the user account is not listed they don’t have permission you don’t need to deny them. Just be mindful of nested groups giving un-intended access.
Typically deny is used in limited cases. For example let say you have a group of 300 people and that group has access to one folder with many sub folders, but you want to deny 1 user access to one folder. You would put a deny in place for that one user. The alternative would be another group with 299 users in etc etc etc.
Attribution
Source : Link , Question Author : Daniel , Answer Author : Drifter104
