Server 2012 File Sharing Restrictions Query


#1 articuno1au

articuno1au

    Neowinian Senior

  • Tech Issues Solved: 2
  • Joined: 20-March 11
  • Location: Brisbane, Australia

Posted 10 May 2014 - 08:14

Hey Guys,
 
I have a Server 2012 R2 instance that I'm using to share files and manage files (amongst other things). Currently it is NOT on a domain.
 
I have user-based restrictions in place for file sharing. In particular I have a RAID 5 array with some 8 TB of space mounted. On this drive are 3 public read-only shares for people to pull resources down from. I have myself set up as an Admin on the server so I can edit the files in the shares remotely and have a 4th share that is for my use only.
 
<Directories>
\
- articuno1au (articuno1au has full read write)
- newuser (newuser needs full read write)
- Public 1 (public read, articuno1au has full read write)
- Public 2 (public read, articuno1au has full read write)
- Public 3 (public read, articuno1au has full read write)
</Directories>
 
I'm trying to set up another share for a user who will have read write access to this share. I'm wondering (short of setting up AD) if I can provide the privileges on the box without setting the user up as a local user on the server (i.e. giving them RDP access). Is that even possible?
 
Seems rather a waste to go through setting up AD services for the sake of setting permissions on a file share, but I want the new user to have permissions as above..
 
What thinks?



#2 +BudMan

BudMan

    Neowinian Senior

  • Tech Issues Solved: 96
  • Joined: 04-July 02
  • Location: Schaumburg, IL
  • OS: Win7, Vista, 2k3, 2k8, XP, Linux, FreeBSD, OSX, etc. etc.

Posted 10 May 2014 - 12:02

I'm a bit confused..

"can provide the privileges on the box without setting the user up as a local user on the server"

No, you cannot give a user access without a user account.. How would AD fix that? You would still need an account, just in AD. Or the account would have to come from another AD that you trust, etc.

Why can you not just create a user account on the server for this user to use?



#3 OP articuno1au

Posted 14 May 2014 - 07:56

I'm trying to avoid them having RDP access to the machine.

I want them to have file access on the share I'm giving them, but not RDP.

Yarp.. >.>

#4 pencil_ethics

pencil_ethics

    Neowinian

  • Tech Issues Solved: 1
  • Joined: 30-October 08
  • Location: Where you can't find me :-P

Posted 14 May 2014 - 08:45   Best Answer

Non-administrator accounts do not have Remote Desktop access by default. If they do, it's because you changed a setting (see Advanced System Settings => Remote tab => Select Users dialog, which alters the members of the Remote Desktop Users security group). Creating the new user as a standard (i.e. limited) user account should be exactly what you need; additionally, if you don't want standard users to log on to the server locally, you should edit the Local Security Policy (secpol.msc) such that the Users security group does not have the Allow log on locally right (Security Settings => Local Policies => User Rights Assignment).



#5 +BudMan

Posted 14 May 2014 - 09:54

^ exactly. Having an account does not mean you can RDP, nor even log in ;)



#6 OP articuno1au

Posted 15 May 2014 - 15:11

Fair enough gents, thanks very much.

Need more knows >.<
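
The setup pencil_ethics describes in post #4, as an added example that is not part of the original thread: a standard local account that can reach one share but is in no group that grants Remote Desktop logon. The folder path, the share name and the use of the built-in Administrators group are assumptions; run it from an elevated PowerShell session on the server.

```powershell
# Added example. Assumed values: folder path, share name, and the use of the
# built-in Administrators group for the admin's own access.
$User  = 'newuser'      # account name taken from the directory listing in post #1
$Path  = 'D:\newuser'   # assumed location on the data volume
$Share = 'newuser'      # assumed share name

# 1. Create a standard local account; '*' makes net.exe prompt for the password.
net user $User * /add

# 2. A new account lands in Users only. Warn if it is in a group that permits RDP.
foreach ($Group in 'Administrators', 'Remote Desktop Users') {
    $members = net localgroup $Group | ForEach-Object { $_.Trim() }
    if ($members -contains $User) {
        Write-Warning "$User is a member of '$Group' and can log on over Remote Desktop."
    }
}

# 3. NTFS permissions: drop inherited entries, then grant Modify (read/write)
#    to the user and Full control to Administrators and SYSTEM.
New-Item -ItemType Directory -Path $Path -Force | Out-Null
icacls $Path /inheritance:r /grant:r "${User}:(OI)(CI)M" 'Administrators:(OI)(CI)F' 'SYSTEM:(OI)(CI)F'

# 4. Share permissions: Change for the user, Full for Administrators, nobody else.
New-SmbShare -Name $Share -Path $Path -ChangeAccess $User -FullAccess 'Administrators'

# 5. Review the logon rights the answer mentions. Export the local policy and show
#    who holds "Allow log on locally" and "Allow log on through Remote Desktop Services".
$cfg = Join-Path $env:TEMP 'user-rights.inf'
secedit /export /cfg $cfg /areas USER_RIGHTS | Out-Null
Get-Content $cfg |
    Select-String -Pattern '^Se(Remote)?InteractiveLogonRight\b'
Remove-Item $cfg
```

The exported rights list principals as SIDs: `*S-1-5-32-544` is Administrators, `*S-1-5-32-545` is Users and `*S-1-5-32-555` is Remote Desktop Users. If Users appears under `SeInteractiveLogonRight`, that is the "Allow log on locally" entry the answer suggests removing in secpol.msc.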