Permissions Questions

Thanks.  Windows 2003 Server (Mac File Sharing is On) Here's the scenario:

Volume D:
   Staff Folder (Shared)
      Person1
      Person2
      Person3
      Etc.

How do I set permissions for domain users to NOT be able to write anything at the Staff Folder level but be able to drop files and copy files to and from any "Person" folder.  Users should not be able to delete anything except thier own content from thier own folders.  PLEASE GIVE DETAILED RESPONSE or STEP BY STEP.

I've been stumbling through Sharing permissions, the Security Tab and the Advanced Security Settings too long now trying to nail this.  

mmurray46Asked:
Who is Participating?
 
CDCOPConnect With a Mentor Commented:
Well depending on how you have your domain setup, and how many users you have, there are a couple of ways to handle this task.

You can Remove the everyone group under secuirity settings and replace with Authenticated users (Make sure you have administrators group in there always so you have access to it). This will make is so only users you have in your domain can access that folder. You may also want to remove certian settings for Authenticated users. The way it sounds, all you need is list files/folder and read so users can only navigate to their own folder and not mess with anyone elses. You will have to remove all users under security tab for each Person folder, then replace with the user that needs access to it and admin of course. You can give them full control since they are the folder owner.

* To remove all users from a folder you may have to take the check out of "Use inheritable..." on the security tab
* If you have a domain then you dont need sharing, because the users already have an account on the domain so you can just setup security settings for them.
0
 
NJComputerNetworksCommented:
CDCOP has the correct answer here...  But just to make it more clear, look at this:

Step 1:

   Staff Folder (Shared) (Share access = Authenticated Users = Change ;  NFTS= Authenticated users need List Files/Folders for this and all subdirectories.
      Person1
      Person2
      Person3
     
This gives everyone the ability to "WALK" down the directory structure.  But none of them can get into any of the sub folders.


(By the way, you might want to chang Authenticated users group to a group that is more specific...one that contians just the users that need access)

Step 2:

Give NTFS access to the appropriate users at the subfolder level:

   
      Person1  (give Change Rights here and subfolders for the group that needs full access to this dir)
      Person2  (give Change Rights here and subfolders for the group that needs full access to this dir)
      Person3  (give Change Rights here and subfolders for the group that needs full access to this dir)

Hope this helps

Joe Poandl MCSE

     
0
 
mmurray46Author Commented:
Thanks.  You state: "it sounds, all you need is list files/folder and read so users can only navigate to their own folder and not mess with anyone elses".  However, one of my conditions is that the users must be able to drop files into and copy files from any other "Person" folder.  I just don;t want them to be able to delete anyone else's stuff.  

You did confirm my suspicion, however, that I will be looking at making a trip to 60 people's security tabs...
0
The 14th Annual Expert Award Winners

The results are in! Meet the top members of our 2017 Expert Awards. Congratulations to all who qualified!

 
mmurray46Author Commented:
That last comment was for CD COP...
0
 
mmurray46Author Commented:
OK Joe - Do I have this right?

1) Share permissions for Staff Folder = Domain Users (Change and READ)

2) Security Tab for Domain Users (Which I suspect is the same as NTFS) = (UNDER ADVANCED -> for Domain Users -> List Folder/Read Data -> This Folder and Subfolders.  Thats it.

3) On Individual Security Tab for "Person" folders: Under ADVANCED - Domain Users get change permissions only for This Folder and subfolders.  That's it.

*Admin is given full for all directories.

Is this correct?
0
 
CDCOPCommented:
Sorry...im back...you can just give them read access to other users folders. The settings are just as they appear. If you give a user read access to a folder that user can read that folder, and that is all. If you would like them to write to a folder, give them write access.
0
 
mmurray46Author Commented:
Well thanks - I was hoping for a close look at my last with a verification because if I got the instructions right, they're not right because right now, nobody can write to any folders.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.