Announcement

Collapse
No announcement yet.

NTFS permissions

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • NTFS permissions

    Hi geeks I need you guys to help me configure this

    I have a couple of users whoa have access to a big share folder(they can see , create and do whatever they want) and my problem is i need a setup where they can continue to read and "modify" the contents of the big share but i do no want them to delete or move folders

    I think i made myself clear ,I need this setup because since they are about ten people who are accessing the share ,one user can move a folder that the other one and this case i just have to restore from a backup to have the real struture

    thx

  • #2
    Re: NTFS permissions

    On what OS resides this
    big share folder
    ?
    What OS are the computers?
    Are you in Workgroup or AD environment?

    Please provide more info...

    Sorin Solomon


    In order to succeed, your desire for success should be greater than your fear of failure.
    -

    Comment


    • #3
      Re: NTFS permissions

      Also, bear in mind the Great Microsoft Office Problem here - what I'm referring to is the idea that when your user launches a Word document to edit it, MSOffice will create a temporary file in that folder. Now, you wish to deny delete on that folder, but hey, Word wants to delete it's temp file when it's finished with it!

      So there's a big problem, and this idea has been kicked around this forum in another thread, but basically can I just say that denying "Delete" on a folder is actually quite a hard thing to do!

      So as Sorin says, if you can provide O/S info, we can try to help but be warned - it isn't that simple, surprisingly enough.
      Best wishes,
      PaulH.
      MCP:Server 2003; MCITP:Server 2008; MCTS: SBS2008

      Comment


      • #4
        Re: NTFS permissions

        Oh by the way, when I talk about the problems to do with deleting files, I think that if you try to deny delete to folders, you will probably run into this pesky "can't delete temp files" problem, so I just wanted you to be aware of that.
        Best wishes,
        PaulH.
        MCP:Server 2003; MCITP:Server 2008; MCTS: SBS2008

        Comment


        • #5
          Re: NTFS permissions

          Originally posted by sorinso View Post
          On what OS resides this ?
          What OS are the computers?
          Are you in Workgroup or AD environment?

          Please provide more info...

          The big share folder is sitting on a Windows 2003

          client computers Windows XP

          It is a AD environment

          Comment


          • #6
            Re: NTFS permissions

            OK, much clearer now...
            You can get what you want by following these steps:
            - on the specific folder, right click -> Sharing and Security -> Advanced -> Add.
            - pick the user(s)/group(s) you want and give them the DENY permission as shown in the attached picture.
            Notice the settings emphasized.

            Good luck.
            Attached Files

            Sorin Solomon


            In order to succeed, your desire for success should be greater than your fear of failure.
            -

            Comment


            • #7
              Re: NTFS permissions

              OK here is what I have found, and I'm sorry to say it is more complicated than it should be:

              If you deny the Delete permission on a subfolder, users can still delete the subfolder unless you remove the "Delete subfolders and files" permission from the parent folder. I just tried that on a Server 2003 and I made a little folder tree to test this out. So as long as I remove those permissions from the parent folder, I can also set "Deny Delete" to the subfolder, and users cannot delete that subfolder.

              The problem is that what happens when I then try to create a new sub-sub-folder, it presents me with the usual "New Folder" name for it, and it will not let me rename it to my chosen foldername. I suspect that it is because the renaming process has a "delete" of the old name somwhere in the back scenes of the operating system.

              Furthermore you run into the pesky Word and Excel "temp files" problem for all files underneath that when you try to open them.

              So I decided to try an experiment which went like this:

              Create a folder called "Data1". Then I create, somwhere else, a folder called "DataShortcuts" and I remove the "delete subfolders and files" and the "Delete" permissions from "DataShortcuts".

              Inside the "DataShortcuts" folder I place a shortcut to "Data1" and I set the permissions on that shortcut to be "Deny Delete" - all other permissions are grey ticks, because they are inherited from above. I then cannot delete this shortcut, but I can create and delete files and folders within it (because I am never indise the shortcut, when I double click it I am actually inside the real folder).

              In this way, you can have a parent folder called "DataShortcuts" and within it a series of shortcuts all of which are protected from deletion/moving (these would be shortcuts to Data1, Data2 etc with all the same permissions set). Then you share out the root folder called "DataShortcuts" to your users and they cannot change the series of shortcuts within, but they can modify stuff underneath, thus neatly sidestepping the pesky Word problem as well.

              The obvious downside is the unwanted complexity, and that if you have a folder structure of sub-folders that you want to protect, you'll be OK, but if you have further sub-sub-folders it gets rather difficult.

              Let me know how you get on because I am interested in finding a more elegant and robust solution to this problem. I'll carry on thinking about it!
              Best wishes,
              PaulH.
              MCP:Server 2003; MCITP:Server 2008; MCTS: SBS2008

              Comment


              • #8
                Re: NTFS permissions

                By the way, this "pesky Word issue" I keep banging on about is this: A Word document can be opened and edited and saved. Then, second and subsequent attempts to edit that doc fail because the temp files are in a "Deny Delete" folder so Word cannot housekeep those temp files properly. Don't fall into the trap of editing a Word doc and believing that is all there is to it. It is second edits that fail.
                Best wishes,
                PaulH.
                MCP:Server 2003; MCITP:Server 2008; MCTS: SBS2008

                Comment

                Working...
                X