What sort of system are you running? What server OS etc.
Hi, I have a structure for folders which is a year group and then underneath that there are the pupils folder for them to store their work. Where the pupils folders are, each pupil can see the others folder but can not delete the folder, is there any method of stopping them from dragging one pupils folder into another pupils folder?
What sort of system are you running? What server OS etc.
Sounds like you need to change the way you dish out home folders. Why are you doing it that way may I ask?
I've always assumed that its not possible using Window but it'll be interesting to see what the clever ones here come up with
(I've never found a way to do it with Win98 shares but maybe there is some folder setting on W2K3 shares that could prevent it :?: )
Erm, why can your users see the entire user group folder? Hidden shares are the way to go for even a basic level of security, but as Geoff and others have said, it may help if we know what OS you were using to host your user areas on.Originally Posted by wadeeuk
Sounds like your permissions are very wrong. Looks like someone has been playing with special permissions at messed up a bit. You should check your permissions and set them to something more standard I would suggest:
and if you have need for it teacher: Read
I have a script that will accomplish this in one easy step if you need.
If you want to make users folders invisible to people that dont have persmission to them then you can active access based enumeration using the tool from Microsoft. I personally dont bother with this on user directories but I am tempted on other work shares we use.
god dude it sounds to me like you have it all set up wrong
Remember not everyone has W2k3 R2 servers with XP Pro clients
Lateral Think required
I'm asssuming the OP has generic logons like me.
e.g XP home computers with one local logon on each machine for pupils and maybe another one for teachers.
The pupils store their work in folder structure like this
.... A blogs
This is how I setup my schools when they had no real servers and I just used a Win98 machine for the job. (In his previous life, ChrisH used to be clever and map a drive letter for each class )
Now on Win98 shares you can't protect people dragging one person folder onto another but maybe if main share was on a W2K/3 server????
School is setup with Main Share, the their year group and under that the individual students name
----> Year 1
--------> Bob Smith
--------> Sarah Jones
----> Year 2
-------->Bob Smith Jnr
I must admit it is a strange way of doing it.
You could set access based enumeration on the main share and use user permissions on the folders underneath,
----> Year 1 (all year 1 users)
--------> Bob Smith (Bob Smith only)
--------> Sarah Jones (Sarah Jones only)
----> Year 2 (all year 2 users)
-------->Bob Smith Jnr (Bob Smith only)
That way only users with the permissions for that folder will be able to see the folders and not be able to move them!! I hope you understand this if not give me a shout.
Access Based Enumeration
What operating system though?
Only windows server 2003 sp1 and above
Sounds lika a pretty standard folder structure to me for Home folders then redirect My Documents to their folder.
If you mean it's a a public area so they can put work there for teachers to access for example, then you can give the following rights:
Pupils: Transverse Folders
This way students put their work into folders but can only read and modify their own work. Staff can read and write anything as can Admins.
It's worth noting that the only difference between Modify and Full access is the ability to change file ownership.
Also worth remembering you can give people Write permission and not Read permission which would make it so they could drag work into a folder but not actually be able to open the folder to view the contents.
On the server we have the following hierarchy for user directories.
------2002 (the year they started, and it follows the grade through)
Staff and Students are both shared. Staff has Change permissions on the Staff share and Read permission on the Students share. Students have change permission on the Students share.
We then have a general Students AD group which has read access to the Students directory (the directory only, not any subdirectories or files). There is then an AD group for each grade (eg "Students 2002") which then has read access to the appropriate year directory (similar to the students directory, they have permisison on the directory not the subdirectories and files). The students then have modify access to their own directory (modify not full, so they can't remove admin permissions from files) which is mapped (using the \\servername\students\ share) via a startup script to U: drive (the directory is named the same as their username).
The permissions allow students to view the subdirectories, and narrows it down to only their own directories as it gets further on. As the drive is mapped, unless they know enough to type in the server path they only see their own files. If they do know how to use the unc paths, they are locked out of everything else.
As I said, I think we are talking about a non-domain/AD controlled setup with 1 local user on each machine or maybe a very simple AD setup with one user name for each Year group.
IMHO Individual pupil logons in small schools with not enough machines in a suite for each class member, is not the best way to proceed as pairs/triples of pupils cannot load or save work without having to logon on and off each time.
Class folders with each pupil having a subfolder works quite well in this situation except for the problem of students accidently dragging their classmates folder into theirs
So what's needed is a method of doing this without having to go to individual logons. (it'd be great if there was a magic GPO setting to stop drag and drop )
There are currently 1 users browsing this thread. (0 members and 1 guests)