Announcement

Collapse
No announcement yet.

NTFS Permissions - Specific Rights

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • NTFS Permissions - Specific Rights

    Hi all,

    I'm either missing the point, missing the fact it isn't possible or just a little slow at getting this so apologies for asking for help on something like this .
    I have a specific request for a folder and its contents which I don't currently believe is possible. Namely:

    A group that can:
    - view all content of the folder and sub-folder irrespective of who created the content
    - save new files
    - create new folders
    - open all documents and folders
    - change existing files (completely or append)

    We don't want these people to be able to

    - change names of existing folders or files irrespective of who created the folder
    - delete folders
    - delete files

    I've been playing around and getting a headache basically. Does anyone have any thoughts?

    So far we can assign standard read (read/execute etc) to anyone as these is no restriction on that. The problem comes with the conflict between changing existing files but not the names of existing files/folders (I think).

    cheers
    Andy

    Please read this before you post:


    Quis custodiet ipsos custodes?

  • #2
    Re: NTFS Permissions - Specific Rights

    It sounds do-able, I'll have a play and get back to you.
    Gareth Howells

    BSc (Hons), MBCS, MCP, MCDST, ICCE

    Any advice is given in good faith and without warranty.

    Please give reputation points if somebody has helped you.

    "For by now I could have stretched out my hand and struck you and your people with a plague that would have wiped you off the Earth." (Exodus 9:15) - I could kill you with my thumb.

    "Everything that lives and moves will be food for you." (Genesis 9:3) - For every animal you don't eat, I'm going to eat three.

    Comment


    • #3
      Re: NTFS Permissions - Specific Rights

      Cheers. I need a coffee right now...
      cheers
      Andy

      Please read this before you post:


      Quis custodiet ipsos custodes?

      Comment


      • #4
        Re: NTFS Permissions - Specific Rights

        Thanks, mines an espresso.
        Gareth Howells

        BSc (Hons), MBCS, MCP, MCDST, ICCE

        Any advice is given in good faith and without warranty.

        Please give reputation points if somebody has helped you.

        "For by now I could have stretched out my hand and struck you and your people with a plague that would have wiped you off the Earth." (Exodus 9:15) - I could kill you with my thumb.

        "Everything that lives and moves will be food for you." (Genesis 9:3) - For every animal you don't eat, I'm going to eat three.

        Comment


        • #5
          Re: NTFS Permissions - Specific Rights

          I wrote this from memory. Can you test it and see where it ends up

          At the parent directory.
          Add in your special security group to the security tab click the modify check box, then click advanced>edit
          Apply onto: (Subfolders and Files Only)
          have the permissions all ticked accept
          -full control
          -delete subfolders and files
          -delete
          -change permissons
          -take ownsership

          I think this is part of the solution but i think inheritance to the rest might need to be taken off and seprate group entries added in per folder.
          Last edited by uk_network; 31st October 2008, 12:26.
          Please remember to award reputation points if you have received good advice.
          I do tend to think 'outside the box' so others may not always share the same views.

          MCITP -W7,
          MCSA+Messaging, CCENT, ICND2 slowly getting around to.

          Comment


          • #6
            Re: NTFS Permissions - Specific Rights

            Thanks for the reply. The issue with this is that a user can create a folder/file but not give it a name on creation. i.e. every new folder is "new folder (#)"

            I think the issue is that creating a folder is actually create then rename ? Just like move is copy then delete?
            or am I way off?
            cheers
            Andy

            Please read this before you post:


            Quis custodiet ipsos custodes?

            Comment


            • #7
              Re: NTFS Permissions - Specific Rights

              This bit!


              We don't want these people to be able to
              -change names of existing folders or files irrespective of who created the folder
              cheers
              Andy

              Please read this before you post:


              Quis custodiet ipsos custodes?

              Comment


              • #8
                Re: NTFS Permissions - Specific Rights

                How about also adding the creator owner group and giving assigning modify. Or even full control.
                Please remember to award reputation points if you have received good advice.
                I do tend to think 'outside the box' so others may not always share the same views.

                MCITP -W7,
                MCSA+Messaging, CCENT, ICND2 slowly getting around to.

                Comment


                • #9
                  Re: NTFS Permissions - Specific Rights

                  That would allow the creator to rename the folder at any time - as has been pointed out, the aim is to prevent that.
                  Gareth Howells

                  BSc (Hons), MBCS, MCP, MCDST, ICCE

                  Any advice is given in good faith and without warranty.

                  Please give reputation points if somebody has helped you.

                  "For by now I could have stretched out my hand and struck you and your people with a plague that would have wiped you off the Earth." (Exodus 9:15) - I could kill you with my thumb.

                  "Everything that lives and moves will be food for you." (Genesis 9:3) - For every animal you don't eat, I'm going to eat three.

                  Comment


                  • #10
                    Re: NTFS Permissions - Specific Rights

                    How did my reply end up 30 mins before the comment?!!
                    cheers
                    Andy

                    Please read this before you post:


                    Quis custodiet ipsos custodes?

                    Comment


                    • #11
                      Re: NTFS Permissions - Specific Rights

                      I think the original comment got deleted and then reposted.
                      Gareth Howells

                      BSc (Hons), MBCS, MCP, MCDST, ICCE

                      Any advice is given in good faith and without warranty.

                      Please give reputation points if somebody has helped you.

                      "For by now I could have stretched out my hand and struck you and your people with a plague that would have wiped you off the Earth." (Exodus 9:15) - I could kill you with my thumb.

                      "Everything that lives and moves will be food for you." (Genesis 9:3) - For every animal you don't eat, I'm going to eat three.

                      Comment


                      • #12
                        Re: NTFS Permissions - Specific Rights

                        I think in NTFS, "Rename" is a "Delete _Then_create_with_new_name" operation. So, if you explicitly deny "Delete" permission to the specified Sec Group they shouldn't be able to rename files or folders neither.

                        Ta
                        Caesar's cipher - 3

                        ZKHQ BRX HYHQWXDOOB GHFLSKHU WKLV BRX ZLOO UHDOLVH LW ZDV D ZDVWH RI WLPH!

                        SFX JNRS FC U6 MNGR

                        Comment


                        • #13
                          Re: NTFS Permissions - Specific Rights

                          Didn't realise that.

                          Therefore, like I said before create is "create" then "rename". so same problem?
                          cheers
                          Andy

                          Please read this before you post:


                          Quis custodiet ipsos custodes?

                          Comment


                          • #14
                            Re: NTFS Permissions - Specific Rights

                            Originally posted by AndyJG247 View Post
                            Didn't realise that.

                            Therefore, like I said before create is "create" then "rename". so same problem?
                            If I understand correctly from your original request, you wanted the users not to be able to Delete and rename files and folders. Since these two NTFS operations are directly related to each-other then in theory if you deny Delete permissions to the users and allow "Write" permissions, you should be able to achieve what you want.

                            Cheers
                            Caesar's cipher - 3

                            ZKHQ BRX HYHQWXDOOB GHFLSKHU WKLV BRX ZLOO UHDOLVH LW ZDV D ZDVWH RI WLPH!

                            SFX JNRS FC U6 MNGR

                            Comment


                            • #15
                              Re: NTFS Permissions - Specific Rights

                              It is as yousay however I think the issue is that create actually creates a folder called "new folder" rather than sets up a "soon to be" folder that you choose the name of before it is created. I think...

                              Also, if there is no delete privilege then nowhere for temp files (although this may be just local testing).
                              cheers
                              Andy

                              Please read this before you post:


                              Quis custodiet ipsos custodes?

                              Comment

                              Working...
                              X