Permission issue with Server 2003

I can log on locally or Remote Desktop into our 2003 Server and create a folder on the root of the "D" drive.  In the folder I put a sample text file.

I have set the share as well as the NTFS permissions on that folder to only Domain Admins, Full Control.  The folder is not inheriting any permissions from the root.  The only permissions on the folder and the text file are Domain Admins, Full Control.

Now...When I log on locally or through Remote Desktop to the Server, I can add and delete files in the Folder mentioned above.  BUT...when I browse using the RUN command from my PC and use the UNC (\\servername\d$), I CANNOT add files or delete anything in the folder...I cannot delete the folder either.  Even if I map a drive, I get the same results.

I am in the Domain Admins group.  Any ideas??

Make sure SYSTEM has Full Control too.

daveyd123 (Author) Commented:
The root of the drive is shared as the admin share D$.  The folder resides on D$.  The folder is not inheriting permissions.  The share permissions set on the folder are Domain Admins, Full Control and Everyone, Full Control.  The NTFS permissions are set to Domain Admins, Full Control and System, Full Control.

If I browse to \\servername\sharedfolder, I can add/delete contents of the folder.

If I browse to \\servername\d$, I cannot delete the shared folder or modify the contents

The NTFS permissions on the D$ drive are...Everyone, Modify, Domain Admins, Full Control, System, Full Control, Authenticated Users, Modify

Once again, I am a Domain Admin

Because you are (by default) a member of Authenticated Users - the most restrictive share permissions apply - thus Modify (and I bet some Special Permissions also).

daveyd123 (Author) Commented:
is what I am trying to do...

I created a shared folder named "Shared" on the D: drive.  In the "shared" folder are subfolders for each Department. (Finance, HR)  I created 2 Security groups (Finance group, HR group)

I want Finance users to have Full control of the files/folders in the Finance folder but not be able to delete the Finance Folder itself.

If I give the Finance group NTFS Modify permissions to the Finance folder, the users can delete the entire Finance folder...which I don't want.

Like I said, I need the users to be able to have full control of their files in their respective folders...without being able to delete the entire folder itself.

Not possible with Windows.

I have heard many requests on this.  The plain truth is you cannot remove Delete permissions without affecting Write permissions.  You can try to work with specifically Denying Delete, but I think you will see that by doing so you cannot create a new folder and change its name - I have toyed with this in the past and can't completely remember all the combinations and their results.  However, I did this on Windows 2000 Server - perhaps this is now possible on 2003??

Perhaps, try this:

Make sure Administrators and SYSTEM have Full Control.  Remove Inheritance from the root and copy the ACEs.  Remove Authenticated Users and Everyone.  Add your Finance Group.  Select Finance Group and hit the Advanced button.  Select the Finance Group again and select Edit.  Check the box beside Delete Files and Folders under Deny.  Try creating and deleting while logged in as a member of Finance Group.  If it works the way it's logically supposed to, you should not be able to delete.  Now, if you want to do this at each folder then remove inheritance and copy ACEs to the folder and from Advanced, then Edit for the Finance Group simply Deny the Delete only on the folder - instead of Delete Files and Folders.

You also could create the Finance folder and give Read Only, but allow create files and folders.  This way they become Owners of anything they create and have full control of them while still inheriting Read from the parent for the rest of the members.

Advise what your outcome is.

daveyd123 (Author) Commented:
I figured it out!!

Here's how it's set up...

I created a shared folder on the root of D: named "Shared".  Gave the Change share permission to Domain Users.
Created a subfolder in "shared" and named it Finance.  Gave the Finance group Read & Execute, List Folder Contents, Read and Special (Delete Subfolders and Files) NTFS Permissions.

Now members of the Finance group can create, modify and delete files in the Finance folder...when they try to delete the entire Finance folder...they get Access Denied  :-)

*all the folders are not inheriting any permissions
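
Why the two setups in this thread behave differently, as an added example that is not part of the original posts: NTFS allows a delete when the caller holds Delete on the object itself or Delete Subfolders and Files on its parent folder. The model below covers allow ACEs only (no deny ACEs, ownership or privileges), and the ACL on the "Shared" folder is an assumption.

```python
# Added example: simplified model of the NTFS delete check.
# Group and folder names come from the thread; the ACL on "Shared" and the
# ACL on the sample file are assumptions made for illustration.

# Access-mask bits and permission templates (values from winnt.h).
DELETE            = 0x00010000  # delete this object
FILE_DELETE_CHILD = 0x00000040  # "Delete Subfolders and Files" on a folder
READ_EXECUTE      = 0x001200A9  # "Read & Execute" template
MODIFY            = 0x001301BF  # "Modify": includes DELETE, not DELETE_CHILD


def granted(acl, groups):
    """OR together the allow masks of every ACE matching the caller's groups."""
    mask = 0
    for group, ace_mask in acl.items():
        if group in groups:
            mask |= ace_mask
    return mask


def can_delete(groups, target_acl, parent_acl):
    """A delete succeeds with DELETE on the target OR DELETE_CHILD on its parent."""
    on_target = granted(target_acl, groups) & DELETE
    on_parent = granted(parent_acl, groups) & FILE_DELETE_CHILD
    return bool(on_target or on_parent)


user = {"Finance group"}
shared_acl = {"Finance group": READ_EXECUTE}  # assumed ACL on D:\Shared

# First attempt in the thread: Modify on the Finance folder.
finance_modify = {"Finance group": MODIFY}
# Final setup in the thread: Read & Execute plus Delete Subfolders and Files.
finance_final = {"Finance group": READ_EXECUTE | FILE_DELETE_CHILD}
# Constructed file inside Finance whose own ACL grants read access only.
report_acl = {"Finance group": READ_EXECUTE}


def summary():
    return {
        "modify: delete Finance folder": can_delete(user, finance_modify, shared_acl),
        "final: delete Finance folder": can_delete(user, finance_final, shared_acl),
        "final: delete file in Finance": can_delete(user, report_acl, finance_final),
    }


if __name__ == "__main__":
    for case, allowed in summary().items():
        print(f"{case:32} -> {'allowed' if allowed else 'Access Denied'}")
```
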
Very nice.

This is a useful thread.

Well, he kind of answered his own question.....

PAQ and refund...

Closed, 100 points refunded.

Community Support Moderator
Experts Exchange

Windows Server 2003
Question has a verified solution.