Announcement

Collapse
No announcement yet.

Move folder doesn't inherit target folder permissons problems.

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Move folder doesn't inherit target folder permissons problems.

    I've setup the following Share with special ACLs on Server 2003.

    Tree:
    Create folder Share
    Create folder \Share\Eng_DESIGN (FOR engineering and Design users)
    Create folder \Share\Eng_PUR (FOR engineering and Purchasing users)

    Share settings:
    A. Share \\server\Share <folder>
    1. Folder Share permissions: for all domain users
    2. Folder Security: Read only for Eng / Design / Purchasing Users.

    B. Share\ENG_DESIGN
    1. ACL settings: Full Contrl for 'Design' Users (Macintosh Users)
    2. ACL settings for 'Eng' Users (Windows Users):
    Permission Entry: Uncheck 'Full' and 'Delete' objects only.
    Apply on: this folders, sub-folders and files
    Permission entries will show as 'Special' for 'Eng' users after set.

    C. Share\ENG_PUR
    1. ACL settings: for 'Eng' and 'Pur' Users (Windows Users)
    Permission Entry: Uncheck 'Full' and 'Delete'objects only.
    Apply on: this folders, sub-folders and files
    Permission entries will show as 'Special' for 'Eng' and 'Pur' Users after set.

    D. <Share> folder also checked 'Enable access-based enumeration on this shared folder' with Access-based Enumeration tools applied.

    Results:
    A. Design Users can view & access \\Server\share\Eng_design
    B. Purchase Users can view & access \\Server\share\Eng_pur
    C. Engineering Users can view & access all folders under \\Server\share
    D. Users cannot create or rename folder under \\Server\share.

    Problems:
    After Engineering Users move folder/files (e.g. folder <ABC-TEST>) from <Eng_Pur> to <Eng_Design>, Design users cannot view <ABC-TEST> folders
    <ABC-TEST> doesn't inherit security permissons at target folders.

    But if use copy instead of move, Design users can access <ABC-TEST> which inherits permissions at target folders.

    How can I fix this? Now we just add back the appropriate group in folder security permissons each time.
    Thanks.
    Last edited by userhk; 23rd April 2009, 09:15.

  • #2
    Re: Move folder doesn't inherit target folder permissons problems.

    Well known from MS courses:
    MOVE--SAME--RETAIN

    So if you MOVE a file or folder on the SAME drive, it will RETAIN existing permissions
    This is because only the pointer to the file is changed
    If you copy, you INHERIT permissions from the parent

    No fix, I think, unless you train them to copy and delete the original, or how to reapply permissions from the parent
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    PhD, MSc, FIAP, MIITT
    IT Trainer / Consultant
    Ossian Ltd
    Scotland

    ** Remember to give credit where credit is due and leave reputation points where appropriate **

    Comment


    • #3
      Re: Move folder doesn't inherit target folder permissons problems.

      i was gonna say the same thing..
      Please do show your appreciation to those who assist you by leaving Rep Point https://www.petri.com/forums/core/im.../icon_beer.gif

      Comment


      • #4
        Re: Move folder doesn't inherit target folder permissons problems.

        Got it. Well noted now. Many thanks!!

        Comment

        Working...
        X