Guest Mark Posted August 17, 2007 Posted August 17, 2007 I have spent hours trying to accomplish this with no luck. Maybe someone in here has this implemented and could help me out. The concept here seems so simple, but no simple way to implement it..... I have a Windows Server 2003. I have a folder created called E:\Projects. I ONLY wand a few people to be able to create/modify/delete files and folders from within E:\Projects, but everyone else to have read-only access. Once there have been sub-folders created (by only a few designated people) in E:\Projects, everyone else can have full control of the sub-folders. In other words..... E:\Projects\: Everyone = read-only, allowed user(s) = full control E:\Projects\sub-folder1\: Everyone = full control E:\Projects\sub-folder1\sub-folder2\: Everyone = full control and so-on and so-on Any ideas?? Thanks.
Guest Mathieu CHATEAU Posted August 17, 2007 Posted August 17, 2007 Re: File System / Directory Security Hello, don't give full control to users, so ntfs security can't be changed (accidently or by users) Security should be inherited -- Cordialement, Mathieu CHATEAU http://lordoftheping.blogspot.com "Mark" <me@mymail.com> wrote in message news:uoRyhVP4HHA.5724@TK2MSFTNGP05.phx.gbl... > I have spent hours trying to accomplish this with no luck. Maybe someone > in here has this implemented and could help me out. The concept here seems > so simple, but no simple way to implement it..... > > I have a Windows Server 2003. I have a folder created called E:\Projects. > I ONLY wand a few people to be able to create/modify/delete files and > folders from within E:\Projects, but everyone else to have read-only > access. Once there have been sub-folders created (by only a few > designated people) in E:\Projects, everyone else can have full control of > the sub-folders. In other words..... > > E:\Projects\: Everyone = read-only, allowed user(s) = full > control > E:\Projects\sub-folder1\: Everyone = full control > E:\Projects\sub-folder1\sub-folder2\: Everyone = full control > and so-on and so-on > > Any ideas?? Thanks. >
Guest Roger Abell [MVP] Posted August 18, 2007 Posted August 18, 2007 Re: File System / Directory Security "Mark" <me@mymail.com> wrote in message news:uoRyhVP4HHA.5724@TK2MSFTNGP05.phx.gbl... > I have spent hours trying to accomplish this with no luck. Maybe someone > in here has this implemented and could help me out. The concept here seems > so simple, but no simple way to implement it..... > > I have a Windows Server 2003. I have a folder created called E:\Projects. > I ONLY wand a few people to be able to create/modify/delete files and > folders from within E:\Projects, but everyone else to have read-only > access. Once there have been sub-folders created (by only a few > designated people) in E:\Projects, everyone else can have full control of > the sub-folders. In other words..... > > E:\Projects\: Everyone = read-only, allowed user(s) = full > control > E:\Projects\sub-folder1\: Everyone = full control > E:\Projects\sub-folder1\sub-folder2\: Everyone = full control > and so-on and so-on > > Any ideas?? Thanks. > On e:\projects grant Read to Users for This folder, subfolders and files On e:\projects grant Modify to Users for Subfolders and files On e:\projects grant Modify to SpecialUsers for This folder, subfolders and files You need to use the edit button in the Advanced NTFS dialog for the second in order to get to the Applies-To dropbox
Guest Anteaus Posted August 23, 2007 Posted August 23, 2007 Re: File System / Directory Security Just thought I'd add that I've been down this road, and found one insurmountable problem, namely that files moved between folders within the same share don't acquire correct permissions for the folder they're in. Thus, after a few things get shuffled around in the normal course of work, you have a chaotic situation in which no-one can predict which files will be accessible. I don't know of any answer, other than to use share permissions instead, which is what I normally do. In Linux you can chmod 2770 (sticky group rights) to (largely) overcome this problem, but I don't know of any Windows equivalent. Does anyone else?
Guest Roger Abell [MVP] Posted August 24, 2007 Posted August 24, 2007 Re: File System / Directory Security In Windows most storage on people's own workstations is fairly uniform in permissioning, at least the part where limited users can save things, so this is not a big issue on workstations. For server storage on Windows 2003 and earlier the intra- partition move retaining explicit permissions is an issue as you outline. There are a couple of approaches. When you have two distinctly differently permissioned storage areas, putting them on separate partitions is the main way to avoid the problem. Another approach is to make it so that the user modifiable storage areas have no explicit but only inherited permissions, since the inherited permissions are always set due to the location, before or after a move. "Anteaus" <Anteaus@discussions.microsoft.com> wrote in message news:A606E349-B9AA-4CEE-9D4A-7DC2270B452D@microsoft.com... > Just thought I'd add that I've been down this road, and found one > insurmountable problem, namely that files moved between folders within the > same share don't acquire correct permissions for the folder they're in. > Thus, > after a few things get shuffled around in the normal course of work, you > have > a chaotic situation in which no-one can predict which files will be > accessible. > > I don't know of any answer, other than to use share permissions instead, > which is what I normally do. > > In Linux you can chmod 2770 (sticky group rights) to (largely) overcome > this > problem, but I don't know of any Windows equivalent. Does anyone else? >
Recommended Posts