kwoznica
asked on
Edit Files but not Create New Files/Folders
Hello All,
I have a file share where I am attempting to accomplish the following permissions. GroupA can only modify existing files. GroupA cannot create new files or folders and they cannot delete files or folders.
Currently I have given GroupA Modify permissions. In Advanced, I have denied the special permissions of Create Folders/Append Data, Create Files/Write Data, Delete Subfolders and Files, and Delete. I have set the Apply this to = This Folder and Subfolders.
When I log in as a test user in this group I cannot edit data in a file.
The file server is a windows 2003 SP2 system on a domain.
Can anyone assist with the solution for a proper way of applying these permissions? Thanks.
Keith
I have a file share where I am attempting to accomplish the following permissions. GroupA can only modify existing files. GroupA cannot create new files or folders and they cannot delete files or folders.
Currently I have given GroupA Modify permissions. In Advanced, I have denied the special permissions of Create Folders/Append Data, Create Files/Write Data, Delete Subfolders and Files, and Delete. I have set the Apply this to = This Folder and Subfolders.
When I log in as a test user in this group I cannot edit data in a file.
The file server is a windows 2003 SP2 system on a domain.
Can anyone assist with the solution for a proper way of applying these permissions? Thanks.
Keith
Hi!
This is hard one. The problem is that there is only one permission "Create Files/Write Data" which defines creating new files or adding data to existing folders. Did you try to set deny permissions "For these folder only" or you can select all files and clear deny "Create Files/Write Data" for all files. File permission should overwrite folder permission.
HTH
Toni
This is hard one. The problem is that there is only one permission "Create Files/Write Data" which defines creating new files or adding data to existing folders. Did you try to set deny permissions "For these folder only" or you can select all files and clear deny "Create Files/Write Data" for all files. File permission should overwrite folder permission.
HTH
Toni
ASKER
Toni,
By clearing the Create Files/Write data permission users then have the ability to create files which is what I am trying to avoid. Users must not be able to create files on the share or any of the share's subfolders.
Respectfully Yours,
Keith Woznica
By clearing the Create Files/Write data permission users then have the ability to create files which is what I am trying to avoid. Users must not be able to create files on the share or any of the share's subfolders.
Respectfully Yours,
Keith Woznica
I'm suggesting two things:
1. When you are setting Create Files/Write and Create Folder/Append Data Deny permissions, select "This Folder Only".
2. Now define Create Files/Write and Create Folder/Append Data Allow permission and select "Files only".
Now, new files can not be created, but existing files can be modified. I have checked this solution and it's working if you need aditional information, let me know.
1. When you are setting Create Files/Write and Create Folder/Append Data Deny permissions, select "This Folder Only".
2. Now define Create Files/Write and Create Folder/Append Data Allow permission and select "Files only".
Now, new files can not be created, but existing files can be modified. I have checked this solution and it's working if you need aditional information, let me know.
ASKER
Toni,
Those security settings do not work either as I can create files in subfolders.
Respectfully Yours,
Keith Woznica
Those security settings do not work either as I can create files in subfolders.
Respectfully Yours,
Keith Woznica
Can you post complete set of NTFS permissions you have configured for this group?
ASKER
Toni,
For the group the effective permissions are as follows:
Traverse Folder/Execute File
List Folder/Read Data
Read Attributes
Read Extended Attributes
I have under permissions entries 2 which are manually created for the group.
The first entry is a Deny entry. The Apply Onto = This Folder Only
The Deny permissions are set to Create Files/Write Data, and Deny Create Folders/Append Data.
The second custom entry is an allow entry.
The Apply Onto = Files only.
The Allow permissions are Traverse Folder/Executue File, List Folder/Read Data, Read Attributes, Create Files/Write Data, Create Folders/Append Data, Write Attributes, Write Extended Attributes, Read Permissions.
It just seems as if you cant have a folder where you can only edit existing files. Let me know if you see anything I have missed.
For the group the effective permissions are as follows:
Traverse Folder/Execute File
List Folder/Read Data
Read Attributes
Read Extended Attributes
I have under permissions entries 2 which are manually created for the group.
The first entry is a Deny entry. The Apply Onto = This Folder Only
The Deny permissions are set to Create Files/Write Data, and Deny Create Folders/Append Data.
The second custom entry is an allow entry.
The Apply Onto = Files only.
The Allow permissions are Traverse Folder/Executue File, List Folder/Read Data, Read Attributes, Create Files/Write Data, Create Folders/Append Data, Write Attributes, Write Extended Attributes, Read Permissions.
It just seems as if you cant have a folder where you can only edit existing files. Let me know if you see anything I have missed.
ASKER
Actually with your recommendations I can't create files in subfolders but I also can't edit existing files. I only seem to have read only access. In an early posting I mentioned I could create files in subfolders but that was a mistake.
When I attempt to save my changes in files such as Excel I receive an error message.
When I attempt to save my changes in files such as Excel I receive an error message.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
It doesn't work the way I originally requested a solution. I just denied groups permissions and allowed other groups permission with hopes that new files would not be created in the shares.
http://technet.microsoft.com/en-us/library/bb457104.aspx
Let me know