Announcement

Collapse
No announcement yet.

Restricting access question

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Restricting access question

    All
    My environment is a Windows 2003 environment. My file server is a Win2k3 R2 server (also our primary dc) ... Currently all of our users have rights to just about every folder (full control is disabled for all ) ... Occasionally we get a couple of users who accidently take a folder and drag it underneath another folder. Is there a way I can restrict folders from being moved to other folders but still be able to create/delete items in a folder if that makes sense?
    So in other words, I have a folder called "folder A" and a folder called "Folder B" and i accidently drag folderA to folderB - can i restrict this but still be able to create files in folderA and folderB ?

  • #2
    Re: Restricting access question

    In the root folder change the security privileges to apply to folder/sub folder to deny delete for sub folder/files for the users group or account - apply this to child objects.

    Creator owner should still have full control so if a user creates a folder they can delete it but will keep others from moving/deleting them on accident. You could even allow them to take ownership so that they can delete a folder but adds an extra layer to ensure they mean to delete/move it so that accidental move won't happen.

    You're going to have to mess with the settings until you get what you're after, but it's possible. I did a quick test and did what you were asking but am not 100% sure it's exactly what you wanted. Here's what I did.

    Code:
    C:\Windows\System32>cacls n:\SecurityTest
    n:\SecurityTest 
    
    NT AUTHORITY\Authenticated Users:(CI)(DENY)(special access:) FILE_DELETE_CHILD
    BUILTIN\Administrators:(OI)(CI)F
    CREATOR OWNER:(OI)(CI)(IO)F
    NT AUTHORITY\Authenticated Users:(OI)(IO)F
    NT AUTHORITY\SYSTEM:(OI)(CI)F
    Last edited by ahinson; 11th August 2008, 16:39.
    Andrew

    ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **

    Comment


    • #3
      Re: Restricting access question

      Thanks for the quick response.

      Yes, basically all I want to do is deny people from dragging folders to another folder on a network drive for when they get click happy. Because then they think they've just deleted an entire folder structure when in turn its underneath some place else.

      But - I still want them to be able to create, modify and delete files/folders on the network ....

      let me try your suggestion and i'll let ya know if i'm successful or not

      Comment


      • #4
        Re: Restricting access question

        Originally posted by Jamie View Post
        ...deny people from dragging folders to another folder on a network drive...

        But - I still want them to be able to create, modify and delete files/folders on the network ....
        Doing what I suggested should do what you've described.
        Andrew

        ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **

        Comment


        • #5
          Re: Restricting access question

          It worked ! Thank you for that bit of info on how to accomplish this.

          Comment


          • #6
            Re: Restricting access question

            Originally posted by Jamie View Post
            It worked ! Thank you for that bit of info on how to accomplish this.
            Of course it did. Glad to have helped.
            Andrew

            ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **

            Comment

            Working...
            X