Sign in to follow this  
Followers 0

Server 2012 File Sharing Restrictions Query

6 posts in this topic

Posted

Hey Guys,

 

I have a Server 2012 R2 instance that I'm using to share files and manage files (amongst other things). Currently it is NOT on a domain.

 

I have user based restrictions in place for file sharing. In particular I have a RAID 5 array with some 8tb of space mounted. On this drive are 3 public read-only shares for people to pull resources down from. I have myself set up as an Admin on the server so I can edit the files in the shares remotely and have a 4th share that is for my use only.

 

<Directories>

\

- articuno1au (articuno1au has full read write)

- newuser (newuser needs full read write)

- Public 1(public read, articuno1au has full read write)

- Public 2(public read, articuno1au has full read write)

- Public 3(public read, articuno1au has full read write)

</Directories>

 

I'm trying to set up another share for a user who will have read write access to this share. I'm wondering (short of setting up AD) if I can provide the privileges on the box without setting the user up as a local user on the server (i.e. giving them RDP access). Is that even possible?

 

Seems rather a waste to go through setting up AD services for the sake of setting permissions on a file share, but I want the new user to have permissions as above..

 

What thinks?

Share this post


Link to post
Share on other sites

Posted

Im a bit confused..

 

"can provide the privileges on the box without setting the user up as a local user on the server"

 

No you can not give a user access without a user account..  How would AD fix that?  You would still need an account, just in AD.  Or the account would have to come from another AD that you trust, etc.

 

Why can you not just create a user account on the server for this user to use? 

1 person likes this

Share this post


Link to post
Share on other sites

Posted

I'm trying to avoid them having RDP access to the machine.

I want them to have file access on the share I'm giving them, but not RDP.

Yarp.. >.>

Share this post


Link to post
Share on other sites

Posted

Non-administrator accounts do not have Remote Desktop access by default. If they do, it's because you changed a setting (see Advanced System Settings => Remote tab => Select Users dialog, which alters the members of the Remote Desktop Users security group). Creating the new user as a standard (i.e. limited) user account should be exactly what you need; additionally, if you don't want standard users to log on to the server locally, you should edit the Local Security Policy (secpol.msc) such that the Users security group does not have the Allow log on locally right (Security Settings => Local Policies => User Rights Assignment).

Share this post


Link to post
Share on other sites

Posted

^ exactly.  Having an account does not mean you can rdp, nor even login ;)

Share this post


Link to post
Share on other sites

Posted

Fair enough gents, thanks very much.

Need more knows >.<

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0

  • Recently Browsing   0 members

    No registered users viewing this page.