Announcement

Collapse
No announcement yet.

Permissions

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Permissions

    Hey guys,

    I'm trying to set up some customised permissions on a folder where users will be able to do everything they pretty much want, except delete folders and files.

    In the security tab and for the Domain Users object, I have checked everything except for "Delete" and "Delete Subfolders and files".

    The problem I'm having is that since these two have been unchecked, the users can no longer save new or existing documents in the folder, rename documents and save as documents with a new file name. They all yield access denied errors.

    I can not save a document in the folder, however I can right click in the folder and create a new document. But I cannot edit that document and save it or do anything further with the document.

    I can also copy/paste.

    Any help is appreciated. Thanks!

  • #2
    Re: Permissions

    Have you tested this locally where the share exists? Does it only effect users coming in via the share?

    Comment


    • #3
      Re: Permissions

      AFAIK most file manipulation involves creating and deleting temporary files, so you may be on a hiding to nothing here.

      suggests there are 3rd party tools that may help
      Tom Jones
      MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
      PhD, MSc, FIAP, MIITT
      IT Trainer / Consultant
      Ossian Ltd
      Scotland

      ** Remember to give credit where credit is due and leave reputation points where appropriate **

      Comment


      • #4
        Re: Permissions

        The folder is on the server and the network admin account has full access so everything works fine on the server.. The users who access the folder through domain computers have the problem.

        Comment


        • #5
          Re: Permissions

          @Ossian... any tools you've used or recommend?

          Comment


          • #6
            Re: Permissions

            No, apart from
            Tom Jones
            MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
            PhD, MSc, FIAP, MIITT
            IT Trainer / Consultant
            Ossian Ltd
            Scotland

            ** Remember to give credit where credit is due and leave reputation points where appropriate **

            Comment


            • #7
              Re: Permissions

              Review the share permissions. Have you set NTFS permissions the way you want them? I would also look at the advanced share permissions.

              Comment


              • #8
                Re: Permissions

                I've set them exactly how I wanted them. Pretty much in advanced options I selected Domain Users and unticked the allow boxes for 'Delete', 'Delete subfolders and files', 'Change permissions' and 'Take ownership'..

                But it seems as if all write permissions have gone with it aswell.

                Comment


                • #9
                  Re: Permissions

                  We have set this up on a customers site, and its really confushing for such a simple idea, and there is always a catch.

                  Even after you get it all sorted, at best you are still left with it creating a TMP file every time you do anything in that folder, and that file can not be deleted by th user, so it sits there, and you get hundards of them.

                  We have this setup on 2 sites, one site we use window permissions and a batch file to go though a delete all TMP files older then 10 mins.We have had no end of problems with this site. The other we have setup sharepoint to help manage the files and file creation/storage. Once the setup was completed, the users basiclly managed this themself.

                  There are some cheap/free ways to manage files, and they all beat NTFS permissions.

                  Wofen
                  Good to be back....

                  Comment


                  • #10
                    Re: Permissions

                    @Wofen Yeah, for something that seems so simple, it sure seems like a mission.

                    I can't even get it working with the TMP files coming up. But I don't think I want to anymore - It would be plain annoying to have it this way. Also sharepoint at the moment isn't something this company wants to look at at the moment.

                    Have you or anybody else ever used any alternative ways or tools to do this?

                    Comment


                    • #11
                      Re: Permissions

                      Shairpoint is great, and free, and while alittle hard to get setup, there are HEAPs of guides online to help. I would really recommend looking into it, as its free (with SBS), can be setup to do a whole host of wonderful things, and best of all, you can setup external access to your document stores.

                      Other then that, you can get some Folder locking software that will not let anything in Folder "C:\XXXXX" be overridden or deleted, but then finding one that works in a domain setup, and costs less then deploying a whole MOSS farm, is alittle harder.

                      We know you need a folder that users can not delete files out of, but what for? Is it just so users do not acidently delete files, or to stop users deleting things on purpose? Is it made for a dumping gound (where all users can submit files, but no one can view, open or edit anything in there(except the origanl user)), it is for a legal firm that has to keep a record of change on all there files?

                      Each one has different possilbe options, and while they are very simlier, they have some very different out comes.

                      PS: Have you given a thought to FTP with authencation intergrated into windows?

                      Wofen
                      Good to be back....

                      Comment


                      • #12
                        Re: Permissions

                        The reason as to why I'm doing this is yes, because the CEO does not want anybody to accidently or purposly delete anything on that particular share.

                        Users should not need to delete anything from this share but a few days ago, somebody did and I had to restore from a backup.

                        Comment


                        • #13
                          Re: Permissions

                          Ok, so that share, is it sololy for backup reasons? If so, then I recommend a Backup program and a external hard drive.

                          If its just for long term archiving... why does users need modifiy the files (you can not stop a user from just opening the file, and empting it(at lest without version controll)).

                          If the users do not need to modifiy the files, then its easy to setup, but if they do need to modifiy the files, you can not achive what you want, without using backups, or something with file version control, as ay user will be able to "delete" anything they want to via open, remove all content, resave.

                          User education, Logging and Version Control with a backup is the best option. I would pick version control over backup for what you want. Backup requires you to notice the file has been deleted, then restore it. With version controll, it does not matter when you notice the document gone, you can always bring it back to the just before it was deleted.

                          I would sit down with the CEO and run these idea by him, as he needs to make the call as to how you do it.

                          Wofen
                          Good to be back....

                          Comment


                          • #14
                            Re: Permissions

                            I think you miss understood.

                            The users are constantly editing and creating files in the folders of this share. But according to the CEO, files never need to be deleted and shouldnt be.

                            He pretty much doesnt want files to go missing if people delete them, accidently or on purpose - so we dont have to keep restoring from a backup.

                            Comment


                            • #15
                              Re: Permissions

                              Running out of ways to say this....


                              You can not have what you want in a logically sense. If a user is going to try and delete files, then can just open them, and save over them with a blank file (takes about 10 seconds with a batch file).

                              You can stop users from acidently deleting the file, but 9 times out of 10, the file is deleted by being saved over anyhow, and if a user can edit a file, then they can destory it.

                              If you where to use something that has Version controll, then you would not have to worry, as when the file is deleted, its actuly just marked as not visable to the normal user (paraphasing). You can set most of this up using the software that comes free with SBS, but you will need to configure it all.

                              I know it sounds like you can get the goal with just NTFS premissions and Share permissions, but I have not come up with a solution that works, and has no major problems. If you do, please let me know, as I would love to know how to set a true dump and modifiy folder.

                              Anyhow, I have found my note on when I setup the first solution, I will post them, they might help you abit.

                              Enable the Allow for the Following
                              Read & Execute
                              Read
                              Write
                              and Make sure MODIFY is unchecked for Allow and Deny leave it blank and you should be good.
                              good luck
                              Source(s):
                              http://www.windowsecurity.com/articles/Understanding-Windows-NTFS-Permissions.html
                              Hope that helps, I highly recommend getting a solution that has version controll.

                              Wofen
                              Good to be back....

                              Comment

                              Working...
                              X