dosle
asked on
making a shared folder undeletable
I am trying to make a shared folder undeletable and unable to be renamed or copied elsewhere, but i still want to allow the users to delete the files within it as neccessary.
here is the basic layout:
SERVER1____
|
it_test
|__________MakeFolderUndel
| | | |
| file1 file2 file3
|
|
________________Folder2bla
on the initial it_test folder, I added my domain user to the shared access with allow on all.
Then I lockdown from there, for the advanced security settings onMakeFolderUndeletable i added my domain user account with the rights 'Deny' on 'Delete Subfolders and Files' and on 'Delete'.
This stops me from deleting MakeFolderUndeletable form the root, but i can't delete files inside, even those I've created. My goal is to allow people to delete files within the folder, just not the entire folder in one fell swoop as they have done many times in the past.
thanks
here is the basic layout:
SERVER1____
|
it_test
|__________MakeFolderUndel
| | | |
| file1 file2 file3
|
|
________________Folder2bla
on the initial it_test folder, I added my domain user to the shared access with allow on all.
Then I lockdown from there, for the advanced security settings onMakeFolderUndeletable i added my domain user account with the rights 'Deny' on 'Delete Subfolders and Files' and on 'Delete'.
This stops me from deleting MakeFolderUndeletable form the root, but i can't delete files inside, even those I've created. My goal is to allow people to delete files within the folder, just not the entire folder in one fell swoop as they have done many times in the past.
thanks
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Bradley Fox
FYI, You will have to repeat the steps on "MakeFolderUndeleteable" for every folder in IT_Test to give the desired settings.
ASKER
this works perfectly. The oen thing i forgot to take into consideration was the drop down box for 'this folder only'.
thanks!!
thanks!!
ASKER
perhaps you can shed some light on this then?
what if i created a folder 'ForMeOnly'. how can i only allow my domain account access to that folder within IT_Test?
i tried adding 'everyone' as deny read/traverse and adding MyDomainUser as full control, but the deny takes over i guess.
what if i created a folder 'ForMeOnly'. how can i only allow my domain account access to that folder within IT_Test?
i tried adding 'everyone' as deny read/traverse and adding MyDomainUser as full control, but the deny takes over i guess.
Deny always takes precedence over allow.
I'm not sure what you are asking. Are you creating this folder within IT_Test? If so just give list permissions on IT_Test to that user. This will allow them to traverse the directory without being able to open any files.
I'm not sure what you are asking. Are you creating this folder within IT_Test? If so just give list permissions on IT_Test to that user. This will allow them to traverse the directory without being able to open any files.
ASKER
What I want to do is only allow a certain user to a special folder within the IT_Test structure.
I can't find the combination of security settings to only let that user into the folder.
thanks again,
matt
I can't find the combination of security settings to only let that user into the folder.
thanks again,
matt
On the folders above the special folder give that user list (if they do not already have permissions to traverse the folder)
On the subfolder you want them to only have access to remove all other security from the folder (uncheck inherit from parent if it's checked) and add only 1 entry to the ACL for that user. You do not have to be given deny to disallow access into a folder, if you do not explicitly have access then you will not get it. Deny is only used in the event that you have an exception and should be used SPARINGLY if at all.
Example - You have an AD group named Finance with 4 members (user1, user2, user3, and user4). You have a special folder that only user1-3 should have access to. You could give the finance group access then deny access to user4. User5, user6, user7, etc... will not have access because they have not been granted access explicity.
On the subfolder you want them to only have access to remove all other security from the folder (uncheck inherit from parent if it's checked) and add only 1 entry to the ACL for that user. You do not have to be given deny to disallow access into a folder, if you do not explicitly have access then you will not get it. Deny is only used in the event that you have an exception and should be used SPARINGLY if at all.
Example - You have an AD group named Finance with 4 members (user1, user2, user3, and user4). You have a special folder that only user1-3 should have access to. You could give the finance group access then deny access to user4. User5, user6, user7, etc... will not have access because they have not been granted access explicity.