Article ID: 301198 - View products that this article applies to.
This article was previously published under Q301198
This step-by-step guide describes how to share folders on a Windows 2000-based computer that is part of a domain.
For example, assume that you are the administrator of a Windows 2000-based domain. You get a call from Fran, the manager of your Accounting department. The Accounting department is working on a major project and wants to have a central location to save their working files. The Sales department needs to be able to read these files, but should not be able to edit them or add any new files. You need to create a shared folder on the Windows 2000-based file server to allow the Accounting and Sales departments to access the data.
(http://support.microsoft.com/kb/301195/EN-US/ )How To Configure Security for Files and Folders on a Network (Domain)
Users Cannot Access Files and Folders That They Should Be Able to When Logged On LocallyShare access permissions are combined from any permissions that are assigned directly to the user and those that are assigned to any groups of which the user is a member. For example, assume that the user named Frank is a member of both the Accounting group and the Managers group. On one shared folder, Frank has Read permission, and the Accounting group has been granted the Change permission. Because Frank is also a member of the Accounting group, his effective permissions would be Read and Change.
The exception to this rule is if there is an explicit Deny permission on the folder or file. This occurs because Deny permissions are enumerated first when Windows 2000 is determining whether or not a particular user can perform a particular task. For example, if Frank is a member of a group that has Deny selected for the Read permission, he is unable to read the file or folder, even if other permissions should allow him to do so. Therefore, you should avoid using explicit Deny permissions (that is, avoid clicking to select a check box in the Deny column) unless there is no other way to achieve the permissions mix that you need.
Share permissions and the file and folder permissions that can be applied to resources on a drive that uses the NTFS file system are both applied if a user connects to a shared resource over the network. If the share permissions look as if they should allow for a particular level of access, but the user is having problems actually achieving that level of access, check the file and folder permissions to make sure they are not preventing access.