Hello, 2 address Problem: By using ADUC you may delegate the right to create/delete Shared folder objects to the group you like.
2 address Bonus Problem: Do not modify the default share, just create an additional one. On the "Sharing" tab of the drive just press "new share" and set permissions you like. P.s. Hope I understood your problem correctly :) Alex MCSE, MCSA Security, CCNA -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Tuesday, September 05, 2006 5:39 PM To: [email protected] Subject: Share Permissions We have several W2K3 file & print servers maintained by our server team. I am trying to follow least privileges principles and set up permissions for our account operators to have the minimum required rights on these servers to do their jobs. Done: 1. Create personal folders - No problem, NTFS rights on a folder for user drives solves this. 2. Set permissions on personal folders - No problem - Full rights for techs so they can set permissions. Problem: Create shares - As far as I can tell, only power users and administrators have the rights to create shares. I don't want the account operators to have the additional rights that come with the power user group. Bonus Problem: We have numerous drives holding different shares based on department and function. Giving the account operators rights to traverse through the root share on all non -system shares would ease their job. The ability to create a share using MMC and navigate through the root to the user share is just one example of this. I have not been able to find a way to effectively change the permissions on the root share (i.e. F$) without disabling all admin shares and creating more problems after a reboot or server service restart. Any help would be appreciated. Drew --------------------------------------------------------------------------- --------------------------------------------------------------------------- --------------------------------------------------------------------------- ---------------------------------------------------------------------------
