Guest George
Posted April 16, 2008

Hello,

Is it possible to allow all domain users access to all files and folders on a certain share, yet prevent users (except one) from creating new folders and sub folders? O/S is Windows 2003.

Thank you,
George
Guest Ace Fekay [MVP]
Posted April 16, 2008

Re: Folder Creation Rights

In news:vaqc045as35hhvbo7fibrmn0q4081cb29i@4ax.com,
George <George@yahoo##.com> typed:
> Hello,
>
> Is it possible to allow all domain users access to all files and
> folders on a certain share, yet prevent users (except one) from creating
> new folders and sub folders? O/S is Windows 2003.
>
> Thank you,
> George

Yes. Simply share the folder with the following perms:

Share perms:
Authenticated Users = C
Domain Admins = FC

NTFS perms:
Authenticated Users = R
Group1Modify = M (that can perform what you are asking)
Group2ReadOnly = R (that can't)

If you want Group2ReadOnly to be able to change files but not create sub
folders, don't add them in the DACL (Discretionary Access Control List)
because that is a standard set of combined permissions, but rather click on
Advanced and add the group in the Advanced ACL (Access Control List) and
select the group, click Edit to get in the ACEs (Access Control Entries),
and specify specifically the perms you want to allow for this object, child
objects, this object only, etc.

Windows Security News: Learning Guide: Access control
http://searchwindowssecurity.techtarget.com/news/article/0,289142,sid45_gci1025004,00.html

Understanding Windows NTFS Permissions
http://www.windowsecurity.com/articles/Understanding-Windows-NTFS-Permissions.html

--
Regards,
Ace

This posting is provided "AS-IS" with no warranties or guarantees and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft MVP - Directory Services
Microsoft Certified Trainer

For urgent issues, you may want to contact Microsoft PSS directly. Please check http://support.microsoft.com for regional support phone numbers.

Infinite Diversities in Infinite Combinations
Guest Herb Martin
Posted April 16, 2008

Re: Folder Creation Rights

"George" <George@yahoo##.com> wrote in message news:vaqc045as35hhvbo7fibrmn0q4081cb29i@4ax.com...
> Hello,
>
> Is it possible to allow all domain users access to all files and
> folders on a certain share, yet prevent users (except one) from creating
> new folders and sub folders? O/S is Windows 2003.

Sure, Ace gave you the (or an) answer depending on exactly what you mean by "access to all files".

It is also possible to set FILE (NTFS) permissions different from the DIRECTORY (NTFS) permissions. In this manner files can be given one permission for a set of users AND directories can be different for that SAME set of users.

You can also -- by using Special (NTFS) Permissions -- grant things like "Create Files" but NOT allow "Create Subdirectories" (or the reverse.)

In all such cases, permissions at the SHARE will have to be enough for the MAXIMUM needed for that Group of users, but can be entirely different at the NTFS and Share level for OTHER Groups of users.
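The split described in the two replies above (file ACEs that differ from folder ACEs, with "Create Files" granted and "Create Folders" withheld) can also be scripted where PowerShell is installed. This is an added example, not part of any poster's message; the folder path and the EXAMPLE domain are assumptions, and the group names are the ones used in Ace's reply.

```powershell
# Added example. $Path and the EXAMPLE domain are assumptions; the group
# names are the ones used in the thread.
$Path     = 'D:\Shares\Projects'
$Limited  = 'EXAMPLE\Group2ReadOnly'   # may create and change files, not folders
$Creators = 'EXAMPLE\Group1Modify'     # may also create folders

$RuleType = 'System.Security.AccessControl.FileSystemAccessRule'
$Rights   = [System.Security.AccessControl.FileSystemRights]

# Folder ACE ("This folder and subfolders"): read/traverse plus Create Files.
# CreateFiles shares bit 0x2 with WriteData, and CreateDirectories shares
# bit 0x4 with AppendData, so this ACE must not be inherited by files:
# on a file it would mean "overwrite allowed, append denied".
$folderRights = $Rights'ReadAndExecute, CreateFiles'
$folderAce = New-Object $RuleType -ArgumentList $Limited, $folderRights, 'ContainerInherit', 'None', 'Allow'

# File ACE ("Files only"): Modify on files. InheritOnly keeps it off the
# folder objects, so it never grants CreateDirectories on a folder.
$fileRights = $Rights'Modify'
$fileAce = New-Object $RuleType -ArgumentList $Limited, $fileRights, 'ObjectInherit', 'InheritOnly', 'Allow'

# The one group allowed to create folders gets Modify on folders and files.
$creatorAce = New-Object $RuleType -ArgumentList $Creators, $fileRights, 'ContainerInherit, ObjectInherit', 'None', 'Allow'

# Merge the three ACEs into the existing DACL and write it back.
$acl = Get-Acl -Path $Path
foreach ($ace in @($folderAce, $fileAce, $creatorAce)) {
    $acl.AddAccessRule($ace)
}
Set-Acl -Path $Path -AclObject $acl

# Review what was written: rights, what each ACE applies to, and whether
# it is explicit or inherited.
(Get-Acl -Path $Path).Access |
    Where-Object { $_.IdentityReference.Value -eq $Limited -or
                   $_.IdentityReference.Value -eq $Creators } |
    Format-Table IdentityReference, FileSystemRights, InheritanceFlags, PropagationFlags, IsInherited -AutoSize
```

The share permission for both groups still has to be Change, as the replies note, because effective access over the network is the more restrictive of the share and NTFS permissions.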
Guest George
Posted April 16, 2008

Re: Folder Creation Rights

Wow Ace...great info!! Thank you very much for responding and providing me this info.

George

On Wed, 16 Apr 2008 19:08:57 -0400, "Ace Fekay [MVP]" <PleaseAskMe@SomeDomain.com> wrote:

>In news:vaqc045as35hhvbo7fibrmn0q4081cb29i@4ax.com,
>George <George@yahoo##.com> typed:
>> Hello,
>>
>> Is it possible to allow all domain users access to all files and
>> folders on a certain share, yet prevent users (except one) from creating
>> new folders and sub folders? O/S is Windows 2003.
>>
>> Thank you,
>> George
>
>Yes. Simply share the folder with the following perms:
>
>Share perms:
>Authenticated Users = C
>Domain Admins = FC
>
>NTFS perms:
>Authenticated Users = R
>Group1Modify = M (that can perform what you are asking)
>Group2ReadOnly = R (that can't)
>
>If you want Group2ReadOnly to be able to change files but not create sub
>folders, don't add them in the DACL (Discretionary Access Control List)
>because that is a standard set of combined permissions, but rather click on
>Advanced and add the group in the Advanced ACL (Access Control List) and
>select the group, click Edit to get in the ACEs (Access Control Entries),
>and specify specifically the perms you want to allow for this object, child
>objects, this object only, etc.
>
>Windows Security News: Learning Guide: Access control
>http://searchwindowssecurity.techtarget.com/news/article/0,289142,sid45_gci1025004,00.html
>
>Understanding Windows NTFS Permissions
>http://www.windowsecurity.com/articles/Understanding-Windows-NTFS-Permissions.html
Guest Ace Fekay [MVP]
Posted April 17, 2008

Re: Folder Creation Rights

In news:393d04diqlk171rtisu3scb8lova8p2skq@4ax.com,
George <George@yahoo##.com> typed:
> Wow Ace...great info!! Thank you very much for responding and
> providing me this info.
> George

My pleasure! Good luck. :-)

Ace