File System / Directory Security


Posted

I have spent hours trying to accomplish this with no luck. Maybe someone in here has this implemented and could help me out. The concept here seems so simple, but no simple way to implement it.....

I have a Windows Server 2003. I have a folder created called E:\Projects. I ONLY want a few people to be able to create/modify/delete files and folders from within E:\Projects, but everyone else to have read-only access. Once there have been sub-folders created (by only a few designated people) in E:\Projects, everyone else can have full control of the sub-folders. In other words.....

E:\Projects\: Everyone = read-only, allowed user(s) = full control
E:\Projects\sub-folder1\: Everyone = full control
E:\Projects\sub-folder1\sub-folder2\: Everyone = full control
and so-on and so-on

Any ideas?? Thanks.

Guest Mathieu CHATEAU
Posted

Re: File System / Directory Security

 

Hello,

Don't give full control to users, so NTFS security can't be changed (accidentally or by users).

Security should be inherited.

--
Regards,
Mathieu CHATEAU
http://lordoftheping.blogspot.com

 

 

"Mark" <me@mymail.com> wrote in message

news:uoRyhVP4HHA.5724@TK2MSFTNGP05.phx.gbl...
> I have spent hours trying to accomplish this with no luck. Maybe someone in here has this implemented and could help me out. The concept here seems so simple, but no simple way to implement it.....
>
> I have a Windows Server 2003. I have a folder created called E:\Projects. I ONLY want a few people to be able to create/modify/delete files and folders from within E:\Projects, but everyone else to have read-only access. Once there have been sub-folders created (by only a few designated people) in E:\Projects, everyone else can have full control of the sub-folders. In other words.....
>
> E:\Projects\: Everyone = read-only, allowed user(s) = full control
> E:\Projects\sub-folder1\: Everyone = full control
> E:\Projects\sub-folder1\sub-folder2\: Everyone = full control
> and so-on and so-on
>
> Any ideas?? Thanks.

Guest Roger Abell [MVP]
Posted

Re: File System / Directory Security

 

 

"Mark" <me@mymail.com> wrote in message

news:uoRyhVP4HHA.5724@TK2MSFTNGP05.phx.gbl...
> I have spent hours trying to accomplish this with no luck. Maybe someone in here has this implemented and could help me out. The concept here seems so simple, but no simple way to implement it.....
>
> I have a Windows Server 2003. I have a folder created called E:\Projects. I ONLY want a few people to be able to create/modify/delete files and folders from within E:\Projects, but everyone else to have read-only access. Once there have been sub-folders created (by only a few designated people) in E:\Projects, everyone else can have full control of the sub-folders. In other words.....
>
> E:\Projects\: Everyone = read-only, allowed user(s) = full control
> E:\Projects\sub-folder1\: Everyone = full control
> E:\Projects\sub-folder1\sub-folder2\: Everyone = full control
> and so-on and so-on
>
> Any ideas?? Thanks.

 

On e:\projects grant Read to Users for This folder, subfolders and files
On e:\projects grant Modify to Users for Subfolders and files
On e:\projects grant Modify to SpecialUsers for This folder, subfolders and files

You need to use the edit button in the Advanced NTFS dialog for the second in order to get to the Applies-To dropbox
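
The three entries listed in the reply above, written out with their inheritance and propagation flags, as an added example that is not part of the original post. `EXAMPLE\SpecialUsers` is a placeholder for the designated group, and the script assumes Windows PowerShell run as an administrator on the server.

```powershell
# Added example, not from the thread: the three ACEs from the reply, set on E:\Projects.
$path         = 'E:\Projects'
$usersGroup   = 'BUILTIN\Users'
$specialGroup = 'EXAMPLE\SpecialUsers'   # placeholder for the designated group

# Both inheritance bits are set on all three ACEs (they reach subfolders and files).
$inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
# Propagation decides whether the ACE also applies to E:\Projects itself.
$thisFolderAndBelow = [System.Security.AccessControl.PropagationFlags]::None         # "This folder, subfolders and files"
$belowOnly          = [System.Security.AccessControl.PropagationFlags]::InheritOnly  # "Subfolders and files only"

function New-AllowAce {
    param([string]$Identity, [string]$Rights, $Propagation)
    $ctorArgs = @(
        $Identity,
        [System.Security.AccessControl.FileSystemRights]$Rights,
        $inherit,
        $Propagation,
        [System.Security.AccessControl.AccessControlType]::Allow
    )
    New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule -ArgumentList $ctorArgs
}

$acl = Get-Acl -Path $path
# 1. Users: Read on the folder and everything below it.
$acl.AddAccessRule((New-AllowAce $usersGroup 'Read' $thisFolderAndBelow))
# 2. Users: Modify below the folder only, so the top level stays read-only for them.
$acl.AddAccessRule((New-AllowAce $usersGroup 'Modify' $belowOnly))
# 3. Designated group: Modify on the folder and everything below it.
$acl.AddAccessRule((New-AllowAce $specialGroup 'Modify' $thisFolderAndBelow))
Set-Acl -Path $path -AclObject $acl

# Read the ACL back. Rows with IsInherited = True come from E:\ and still apply
# to E:\Projects, so check that none of them grants Users a write right here.
(Get-Acl -Path $path).Access |
    Sort-Object IsInherited |
    Format-Table IdentityReference, FileSystemRights, InheritanceFlags, PropagationFlags, IsInherited -AutoSize
```

In the read-back, the second entry should show `PropagationFlags` as `InheritOnly`, which is what the Applies-To choice "Subfolders and files only" stores.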

Guest Anteaus
Posted

Re: File System / Directory Security

 

Just thought I'd add that I've been down this road, and found one insurmountable problem, namely that files moved between folders within the same share don't acquire correct permissions for the folder they're in. Thus, after a few things get shuffled around in the normal course of work, you have a chaotic situation in which no-one can predict which files will be accessible.

I don't know of any answer, other than to use share permissions instead, which is what I normally do.

In Linux you can chmod 2770 (sticky group rights) to (largely) overcome this problem, but I don't know of any Windows equivalent. Does anyone else?

Guest Roger Abell [MVP]
Posted

Re: File System / Directory Security

 

In Windows most storage on people's own workstations is fairly uniform in permissioning, at least the part where limited users can save things, so this is not a big issue on workstations.

For server storage on Windows 2003 and earlier the intra-partition move retaining explicit permissions is an issue as you outline. There are a couple of approaches. When you have two distinctly differently permissioned storage areas, putting them on separate partitions is the main way to avoid the problem. Another approach is to make it so that the user modifiable storage areas have no explicit but only inherited permissions, since the inherited permissions are always set due to the location, before or after a move.

 

"Anteaus" <Anteaus@discussions.microsoft.com> wrote in message

news:A606E349-B9AA-4CEE-9D4A-7DC2270B452D@microsoft.com...
> Just thought I'd add that I've been down this road, and found one insurmountable problem, namely that files moved between folders within the same share don't acquire correct permissions for the folder they're in. Thus, after a few things get shuffled around in the normal course of work, you have a chaotic situation in which no-one can predict which files will be accessible.
>
> I don't know of any answer, other than to use share permissions instead, which is what I normally do.
>
> In Linux you can chmod 2770 (sticky group rights) to (largely) overcome this problem, but I don't know of any Windows equivalent. Does anyone else?

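
One way to check the second approach in the reply above (user-modifiable areas carrying only inherited permissions) is to list every item below E:\Projects that has explicit ACEs or blocked inheritance. This is an added example, not part of the thread; the function name is hypothetical and the script assumes Windows PowerShell on the .NET Framework.

```powershell
# Added example, not from the thread: find items below E:\Projects whose ACL is not
# purely inherited. Per the thread, these are the items that keep their own
# permissions when moved within the same partition.
$root = 'E:\Projects'

function Get-ExplicitAce {
    param([string]$Root)
    Get-ChildItem -Path $Root -Recurse -Force | ForEach-Object {
        $item = $_
        $sd   = $item.GetAccessControl('Access')
        # includeExplicit = $true, includeInherited = $false. SIDs are requested
        # so an orphaned account cannot make the call fail on name translation.
        $explicit = $sd.GetAccessRules($true, $false, [System.Security.Principal.SecurityIdentifier])
        foreach ($ace in $explicit) {
            try {
                $name = $ace.IdentityReference.Translate([System.Security.Principal.NTAccount]).Value
            } catch {
                $name = $ace.IdentityReference.Value   # unresolved SID, shown as-is
            }
            New-Object PSObject -Property @{
                Path               = $item.FullName
                Identity           = $name
                Type               = $ace.AccessControlType
                Rights             = $ace.FileSystemRights
                InheritanceBlocked = $sd.AreAccessRulesProtected
            }
        }
        # Inheritance switched off with no explicit ACE left is also worth reporting.
        if ($sd.AreAccessRulesProtected -and $explicit.Count -eq 0) {
            New-Object PSObject -Property @{
                Path = $item.FullName; Identity = '(none)'; Type = $null
                Rights = $null; InheritanceBlocked = $true
            }
        }
    }
}

Get-ExplicitAce -Root $root |
    Select-Object Path, Identity, Type, Rights, InheritanceBlocked |
    Format-Table -AutoSize
```

An empty result means everything below the root takes its permissions from E:\Projects alone; the root itself is skipped on purpose, since that is where the explicit entries belong.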