EXPERT RESPONSE
Rather than applying a password to the specific folder, what you will want to do is to specify permissions so that only the user you want to have access is granted access and everyone else is denied access. You can practice this type of data protection by choosing from these two methods:
- Grant the user access directly.
- Create a group that the user is a member of, and then grant that group access.
I recommend data protection method two because it allows you to grant other users on your Microsoft network access by simply making them a member of the appropriate group. To achieve this, select the folder that you want to share, right click on it and bring up the properties. Select the Security Tab and assign the permissions as follows (and shown in figure one):
Figure 1: Assign permissions in Microsoft networks
- Domain Admins (or the local administrators group if you want to use local groups for permissions) -- Full Control
This allows domain admins to have access. If for some reason they do not need that, don't grant it -- but keep in mind that as a domain access, it's a trivial process to gain access to the folder and files.
- Group that the user is a member of or the user himself -- If the user only needs read access, check Read and Execute in the Allow column. If the user needs to be able to make changes, check Modify and/or Read and Execute in the Allow column.
This will grant the user access to the folder and files. In my example, I created a group named FS-Test-CX (File System-Directory-Permissions) and granted the group Change access. I would then make the user a member of that group.
- Remove any other groups from the list. Do not grant the "deny access" group to any groups. While this may seem like a good idea, if the user you want to have access is in a member of any of those groups, then the deny will supersede any other access the user has.
|
