I am not sure, I can tell you if I login to the server as a Power user, I can create the share, and permissions accordingly as needed. If I try this via shared folders snapin remotely, I can't see the drives accordingly, nor create a folder, etc etc, as a power user of the system. Compmgmt.as msc snapin same deal.
Actually Creator Owner has, Full Control on the directory that is created, but I will see if that translates to having access at the share/NTFS when I create it and grant them the appropriate rights as compared to them creating it, via power user rights. Z Edward E. Ziots CISSP, Network +, Security + Network Engineer Lifespan Organization Email:[email protected] Cell:401-639-3505 From: Jonathan Link [mailto:[email protected]] Sent: Wednesday, September 01, 2010 To: NT System Admin Issues Subject: Re: Trying to limit my helpdesk to Power User rights, Reread the initial email. If someone from the server group creates the share, and the helpdesk group has full control on the NTFS permissions they can change permissions from the share, no? On Wed, Sep 1, 2010 at 4:45 PM, Jonathan Link <[email protected]> wrote: As in file permissions? On Wed, Sep 1, 2010 at 4:42 PM, Ziots, Edward <[email protected]> wrote: Yep, Looks like we are going to have to go that way, problem is they field a lot of calls about permissions and directories and not gaining access, etc etc, which is just going to now fall on the Server Engineering group, more pain... more pain, because things aren't done right in the first place. Z Edward E. Ziots CISSP, Network +, Security + Network Engineer Lifespan Organization Email:[email protected] <mailto:email%[email protected]> Cell:401-639-3505 From: Crawford, Scott [mailto:[email protected]] Sent: Wednesday, September 01, 2010 4:38 PM To: NT System Admin Issues Subject: RE: Trying to limit my helpdesk to Power User rights, I would manage the permissions myself. If you don't want them to be admins, you shouldn't be making them power users either. Power Users are Admins who have not made themselves admins yet http://blogs.technet.com/b/jesper_johansson/archive/2006/03/12/421870.as px From: Ziots, Edward [mailto:[email protected]] Sent: Wednesday, September 01, 2010 2:02 PM To: NT System Admin Issues Subject: Trying to limit my helpdesk to Power User rights, I am trying as a method of locking down my Win2k8 and below servers is removing administrative rights wherever I can to the minimal level, I have setup my helpdesk folks to be Power users on one of my Windows 2008 R2 boxes, and if they login local to the box, they can create a directory and share local on the server, using MMC etc etc, ( I tested as a domain user as a power user) but if I run the MMC Shared folders snapin as the Power User from my XP System ( I made the account full admin on the workstation) when I try and take a look at the drives, via the snapin it doesn't allow it when it's a Power user on the server, I know if I was to make the group or the test user a local administrator ( which I don't want to do, because the keep screwing up permissions right and left) then they will see the drives and create folder etc etc accordingly. Any ideas, How I can get this working with Power User only rights accordingly? Maybe using additional share on the root of the drives to get them access accordingly? Either that or take care of all the permissions myself. Z Edward E. Ziots CISSP, Network +, Security + Network Engineer Lifespan Organization Email:[email protected] <mailto:email%[email protected]> Cell:401-639-3505 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
