Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Folder Permissons - Secure a Folder from being deleted/moved/renamed

Posted on 2006-03-24
12
Medium Priority
?
231 Views
Last Modified: 2013-12-04
I've asked this question a little over a week ago and still have not recieved the solution I'm looking for.  depending on the outcome here I may have to break down and call Microsoft. I might have to go 3rd party, who knows.  

Is there a way to set permissions on a folder so that its subfolders can't be deleted/renamed/moved.  I have a client folder that has roughly 2600 subfolders(basiclly a folder for each of our clients).  Users are accidently deleting/renaming/moving these subfolders causing problems.  Users need full control inside these subfolders to save client data and create folders.

\Clients\
---------\abc company\
--------------------------\2006
---------\bcd company\
--------------------------\quickbooks
---------------------------\2005
---------------------------\2006
----------\dfg company\

Per above I need the company folders locked down and I also need to be able to create files and folders underneath the company fodlers.  I get everything perfect except being able to create files and folders under each client/company folder.

I probably can't lock the folders down AND be able to create folders/files inside of them.
Would love any info/help

0
Comment
Question by:wiafelice
  • 5
  • 2
  • 2
  • +1
10 Comments
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 16287481
What is the operating system on the machine that is hosting the folders?
In 2003, you can set advanced options under the folder security. This includes 'special' combinations that give you a great deal of flexibility and control including removing the inheritance from higher levels within the hierarchy. The difficulty will be matching these up with the 'share' permissions which are much less controllable.

0
 
LVL 12

Expert Comment

by:Rant32
ID: 16289193
Yes you can.

Using the Advanced button under the security tab of the Clients folder, add a DENY rule for Delete for all regular users.

Apply onto: is still "This folder, subfolders and files", but enable the checkbox called "Apply these permissions to objects and/or containers within this container only"

This will enable freedom within the Clients subdirectories, but users cannot change, rename or move the Clients directories themselves. This also means that they can't create a Client folder using Windows Explorer... Actually they can, but Windows names the folder "New Folder" initially and you can't rename them, remember ;-)

Creating a new folder using command prompt does work, or have an administrator create the Clients folders.
0
 
LVL 17

Expert Comment

by:Dushan De Silva
ID: 16289318
ru taliking about ftp?

BR Dushan
0
Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

 
LVL 12

Accepted Solution

by:
Rant32 earned 1000 total points
ID: 16289447
Have just read the original thread ;-)

The NTFS filesystem in NT4 offers a LOT less flexibility with access control (that's why you get the message that an NT5 host has tried to set permissions the  NT4 host doesn't support). However, I created a setup and what you want is partially possible.

First, I assume all users already have Change permissions on all files and directories, including the Clients folder. (I prevent FC wherever possible).

Then open the permissions for the Clients folder. Select the users group and choose "Special Directory Access...". Set it to "Other" and only check the Read checkbox. Click OK. Then select "Special File Access...", Select Other, and make sure all checkboxes are cleared. OK your way out of here, without applying these permissions to subfolders.

This will only prevent users from renaming Client folders, but it will not prevent them from deleting any. The NT4 file system can't distinguish between the Client folder itself, and the directory objects within it (so if you prevent the Clients\A folder from being deleted, you can't delete child folders within Clients\A either).
0
 

Author Comment

by:wiafelice
ID: 16301731
I have these hosted on an NT 4.0 enterprise member server, In a sbs 2003 envirornment.  I am trying to set the permissions from a XP pro client.  I've messed around with the advanced option and the deny attribute but never seem to get it right.

I will try the checkbox to apply to container only and see if that works.  

0
 
LVL 12

Expert Comment

by:Rant32
ID: 16302119
Well, that's the problem...  NTFS version 4 doesn't recognize the checkbox for "this folder only", and it doesn't have a deny-attribute (only "No access"). Maybe you can enable it from the XP client (which supports NTFS version 5), but I don't think the server's going to pick that up.

Would be delighted if it did, though :)

If you really want to accomplish this type of security and depending on the server hardware you need, your best bet: upgrade to a Windows 2003 file server. The nice thing is, that if you choose to install a Windows Server 2003 as a member server, that the Client Access Licenses you bought for SBS2003 are VALID for the domain member. No need to purchase extra CALs apart from the Server license.

Just a thought.
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 16302242
<<< What is the operating system on the machine that is hosting the folders? >>>

lol, I should have pushed for an answer :) Saved us all some time....
0
 
LVL 12

Expert Comment

by:Rant32
ID: 16302388
It's in the original thread, but also I didn't read that until after my first comment:

<< OP: I've asked this question a little over a week ago >>
http://www.experts-exchange.com/Security/Win_Security/Q_21775354.html

Don't worry wiafelice, I'll live ;-)
0
 

Author Comment

by:wiafelice
ID: 16303496
No need to by more Cals if I have a licensend copy of server 2003?  I actually won a copy of 2003 enterprise server with 25 cals a few weeks ago at a Microsoft Seminar.  Spose i can put it to use.

0
 
LVL 12

Expert Comment

by:Rant32
ID: 16305780
Hahaha, that's another way to get your licenses. That's a poky $4,997 worth of software.

They didn't give you a server to go with it? Ridiculous!
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The term "Bad USB" is a buzz word that is usually used when talking about attacks on computer systems that involve USB devices. In this article, I will show what possibilities modern windows systems (win8.x and win10) offer to fight these attacks wi…
Our Group Policy work started with Small Business Server in 2000. Microsoft gave us an excellent OU and GPO model in subsequent SBS editions that utilized WMI filters, OU linking, and VBS scripts. These are some of experiences plus our spending a lo…
This Micro Tutorial will teach you how to add a cinematic look to any film or video out there. There are very few simple steps that you will follow to do so. This will be demonstrated using Adobe Premiere Pro CS6.
This lesson discusses how to use a Mainform + Subforms in Microsoft Access to find and enter data for payments on orders. The sample data comes from a custom shop that builds and sells movable storage structures that are delivered to your property. …

571 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question