TrondL
asked on
NTFS security - Folder Security
Hi!
I don't want the users in the network to be able to create, delete og remove folders at root level at our server.
We have 6 folders at root level which "domain users" are NOT supposed to create, move or delete files or folders at this level. (Wich they often do by mistake)
All users are members of "domain users".
I have tried to give the users restricted acces to the folders, but it has not succeded.
Eighter they gets denied, or they still get full access.
Sharing permissions tab shows "Domain Users" "Full Control" , "Change" , " Read".
Security tab shows "Authenticated Users" and "Domain Users" - Modify - Read & Execute - List Folder Contents - Read - Write.
Advanced Settings: Access Control Settings: Deny "Users" , Deny "Authenticated Users" - Change permissions , take ownership.
I have tried to deny "create folders / append data , create files / write data. I applied the settings by using " Apply these permissions to objects and/or containers within this container only". I am not getting the result I'm looking for.
Usually users don't get enough user rights, and I have to reset to "full access" so that everyone can start working again.
As mentioned above, I want to be able to deny users to do anything about the folders at root level. (6 folders which are shared). All users have mapped this folders by a loggon script. The users are not supposed to create files in theese 6 folders or above eighter.
My settings like they are right now is working in a way taht everyone gets access to the files. This is a temporary solution. Looking for a good solution. We have only 33 employees.
Anyone with long experience within this field?
TrondL
I don't want the users in the network to be able to create, delete og remove folders at root level at our server.
We have 6 folders at root level which "domain users" are NOT supposed to create, move or delete files or folders at this level. (Wich they often do by mistake)
All users are members of "domain users".
I have tried to give the users restricted acces to the folders, but it has not succeded.
Eighter they gets denied, or they still get full access.
Sharing permissions tab shows "Domain Users" "Full Control" , "Change" , " Read".
Security tab shows "Authenticated Users" and "Domain Users" - Modify - Read & Execute - List Folder Contents - Read - Write.
Advanced Settings: Access Control Settings: Deny "Users" , Deny "Authenticated Users" - Change permissions , take ownership.
I have tried to deny "create folders / append data , create files / write data. I applied the settings by using " Apply these permissions to objects and/or containers within this container only". I am not getting the result I'm looking for.
Usually users don't get enough user rights, and I have to reset to "full access" so that everyone can start working again.
As mentioned above, I want to be able to deny users to do anything about the folders at root level. (6 folders which are shared). All users have mapped this folders by a loggon script. The users are not supposed to create files in theese 6 folders or above eighter.
My settings like they are right now is working in a way taht everyone gets access to the files. This is a temporary solution. Looking for a good solution. We have only 33 employees.
Anyone with long experience within this field?
TrondL
just give read access to your "authenticated users" at root level (folder security). that will do the trick.
btw... you will need to break rights inheritance in subfolders, because permission will be propagated..
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Hey, that'S what I wronte ;)
sorry bout that man.. i read the question, and just started typeing an answer in.. didn't even dawn on me to look at what had been written.
lol... It happens to everyone
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.