Create one user share, and then give each user access to their folder under the share (\\servername\sharename($)\userfoldername). Now account operators don't need to create shares.
For the "Bonus Problem", just create another share pointing to the drive root. Like \\server\fdrive$. You can have multiple shares pointing to a single share point. Brady McClenon Administrative Computer Services State University College at Oneonta Oneonta, NY 13820 > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > Sent: Tuesday, September 05, 2006 10:39 AM > To: [email protected] > Subject: Share Permissions > > We have several W2K3 file & print servers maintained by our > server team. > > I am trying to follow least privileges principles and set up > permissions for our account operators to have the minimum > required rights on these servers to do their jobs. > > Done: > > 1. Create personal folders - No problem, NTFS rights on a > folder for user drives solves this. > > 2. Set permissions on personal folders - No problem - Full > rights for techs so they can set permissions. > > Problem: > > Create shares - As far as I can tell, only power users and > administrators have the rights to create shares. > I don't want the account operators to have the additional > rights that come with the power user group. > > Bonus Problem: > > We have numerous drives holding different shares based on > department and function. Giving the account operators rights > to traverse through the root share on all non -system shares > would ease their job. The ability to create a share using > MMC and navigate through the root to the user share is just > one example of this. I have not been able to find a way to > effectively change the permissions on the root share (i.e. > F$) without disabling all admin shares and creating more > problems after a reboot or server service restart. > > Any help would be appreciated. > > Drew > > -------------------------------------------------------------- > ------------- > -------------------------------------------------------------- > ------------- > > --------------------------------------------------------------------------- ---------------------------------------------------------------------------
