wiafelice
asked on
Folder Permissons - Secure a Folder from being deleted/moved/renamed
I've asked this question a little over a week ago and still have not recieved the solution I'm looking for. depending on the outcome here I may have to break down and call Microsoft. I might have to go 3rd party, who knows.
Is there a way to set permissions on a folder so that its subfolders can't be deleted/renamed/moved. I have a client folder that has roughly 2600 subfolders(basiclly a folder for each of our clients). Users are accidently deleting/renaming/moving these subfolders causing problems. Users need full control inside these subfolders to save client data and create folders.
\Clients\
---------\abc company\
-------------------------- \2006
---------\bcd company\
-------------------------- \quickbook s
-------------------------- -\2005
-------------------------- -\2006
----------\dfg company\
Per above I need the company folders locked down and I also need to be able to create files and folders underneath the company fodlers. I get everything perfect except being able to create files and folders under each client/company folder.
I probably can't lock the folders down AND be able to create folders/files inside of them.
Would love any info/help
Is there a way to set permissions on a folder so that its subfolders can't be deleted/renamed/moved. I have a client folder that has roughly 2600 subfolders(basiclly a folder for each of our clients). Users are accidently deleting/renaming/moving these subfolders causing problems. Users need full control inside these subfolders to save client data and create folders.
\Clients\
---------\abc company\
--------------------------
---------\bcd company\
--------------------------
--------------------------
--------------------------
----------\dfg company\
Per above I need the company folders locked down and I also need to be able to create files and folders underneath the company fodlers. I get everything perfect except being able to create files and folders under each client/company folder.
I probably can't lock the folders down AND be able to create folders/files inside of them.
Would love any info/help
Yes you can.
Using the Advanced button under the security tab of the Clients folder, add a DENY rule for Delete for all regular users.
Apply onto: is still "This folder, subfolders and files", but enable the checkbox called "Apply these permissions to objects and/or containers within this container only"
This will enable freedom within the Clients subdirectories, but users cannot change, rename or move the Clients directories themselves. This also means that they can't create a Client folder using Windows Explorer... Actually they can, but Windows names the folder "New Folder" initially and you can't rename them, remember ;-)
Creating a new folder using command prompt does work, or have an administrator create the Clients folders.
Using the Advanced button under the security tab of the Clients folder, add a DENY rule for Delete for all regular users.
Apply onto: is still "This folder, subfolders and files", but enable the checkbox called "Apply these permissions to objects and/or containers within this container only"
This will enable freedom within the Clients subdirectories, but users cannot change, rename or move the Clients directories themselves. This also means that they can't create a Client folder using Windows Explorer... Actually they can, but Windows names the folder "New Folder" initially and you can't rename them, remember ;-)
Creating a new folder using command prompt does work, or have an administrator create the Clients folders.
ru taliking about ftp?
BR Dushan
BR Dushan
ASKER CERTIFIED SOLUTION
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
ASKER
I have these hosted on an NT 4.0 enterprise member server, In a sbs 2003 envirornment. I am trying to set the permissions from a XP pro client. I've messed around with the advanced option and the deny attribute but never seem to get it right.
I will try the checkbox to apply to container only and see if that works.
I will try the checkbox to apply to container only and see if that works.
Well, that's the problem... NTFS version 4 doesn't recognize the checkbox for "this folder only", and it doesn't have a deny-attribute (only "No access"). Maybe you can enable it from the XP client (which supports NTFS version 5), but I don't think the server's going to pick that up.
Would be delighted if it did, though :)
If you really want to accomplish this type of security and depending on the server hardware you need, your best bet: upgrade to a Windows 2003 file server. The nice thing is, that if you choose to install a Windows Server 2003 as a member server, that the Client Access Licenses you bought for SBS2003 are VALID for the domain member. No need to purchase extra CALs apart from the Server license.
Just a thought.
Would be delighted if it did, though :)
If you really want to accomplish this type of security and depending on the server hardware you need, your best bet: upgrade to a Windows 2003 file server. The nice thing is, that if you choose to install a Windows Server 2003 as a member server, that the Client Access Licenses you bought for SBS2003 are VALID for the domain member. No need to purchase extra CALs apart from the Server license.
Just a thought.
<<< What is the operating system on the machine that is hosting the folders? >>>
lol, I should have pushed for an answer :) Saved us all some time....
lol, I should have pushed for an answer :) Saved us all some time....
It's in the original thread, but also I didn't read that until after my first comment:
<< OP: I've asked this question a little over a week ago >>
https://www.experts-exchange.com/questions/21775354/NTFS-Folder-Permissions-Prevent-from-being-deleted-moved.html
Don't worry wiafelice, I'll live ;-)
<< OP: I've asked this question a little over a week ago >>
https://www.experts-exchange.com/questions/21775354/NTFS-Folder-Permissions-Prevent-from-being-deleted-moved.html
Don't worry wiafelice, I'll live ;-)
ASKER
No need to by more Cals if I have a licensend copy of server 2003? I actually won a copy of 2003 enterprise server with 25 cals a few weeks ago at a Microsoft Seminar. Spose i can put it to use.
Hahaha, that's another way to get your licenses. That's a poky $4,997 worth of software.
They didn't give you a server to go with it? Ridiculous!
They didn't give you a server to go with it? Ridiculous!
In 2003, you can set advanced options under the folder security. This includes 'special' combinations that give you a great deal of flexibility and control including removing the inheritance from higher levels within the hierarchy. The difficulty will be matching these up with the 'share' permissions which are much less controllable.