Can't remove read only attributes from Windows Explorer on all directories within the server

Posted on 2006-04-24
Last Modified: 2012-06-27
I have just added a new domain to my network and installed a new windows 2003 server.  All my users have moved over to the new domain and can access their mail however when they try accessing their files they get the access is denied message on their screens.  After looking at the server all the directories within the root drive are all set to "read only" and when I uncheck the tick box I get the question do u want to change all the sub-directories as well, so I apply these setting and the read only disappears but when I go back into that file the read only is still checked (grey).  I have tried all the suggestion on this website but I'm not getting anywhere and need this to be sorted ASAP.  Please can some help. I've read the MS articles but they don't help either.  I have also tried removing the shares and reapplying with the correct permissions but that also does not help.

Please can some get back to me ASAP


Question by:prakashshah
    LVL 57

    Expert Comment

    by:Pete Long
    All Folders Are Read only?

    The square (or greyed out check mark) for a folder means NOTHING, NO CHANGE, WAITING
    FOR YOU TO USE ME.  This is because the read-only box in a folder's properties is
    only used to apply or remove the read-only setting from all of the folder's files
    at once. If you clear the box and click Apply, then the files in the folder will
    be cleared of any read-only attributes they have. Like wise for checking the box
    to apply the attribute to all files.  The square reappears the next time because,
    once again, you haven't used it.

    FOLDERS do NOT have a functional read-only attribute in Windows.  The read-only attribute
    is only for files.  The read-only check-box for folder properties is a bad and confusing
    design.  If you want to avoid read-only confusion, check individual files, ignore

    Windows file systems actually use the read-only attribute for a folder to make it
    customisable, but the checkbox in a folder's properties has nothing to do with that.
     You cannot prevent a folder's contents from being changed using the read-only attribute.
     You can read more about that here:;en-us;326549


    Author Comment

    Thanks for that however none of my users can edit or add files within these folders which is becoming a major problem.  I have tried a number of solutions that have been commented on this web site and solutions on microsoft's website but I'm still get nowhere.

    Please help


    LVL 9

    Accepted Solution

    I set the permissions on the shares on a group basis per dept.
    Ie you may have users in accounts dept who you want to have the change amend atrributes of the accounts share, called say accounts1
    and users within say admin who need say read only access of the accounts1 share.
    In the above scenario all users would have read only access to the accounts1 share via their default membership to the authenticated users group and everyone group.

    You could create 2 security groups, one called
    Accounts1 amend (for arguments sake)
    and one called
    Admin Accounts (you get the idea though)

    Remove Authenticated users and the everyone group from the Accounts1 share.
    Obviously leave in your Domain admins etc.
    Add the 2 newly created security groups above to the Accounts1 share.
    Make sure that the Admin Accounts group have only read only access,
    And give the
    Accounts1 Amend the required permissions to allow them to add/amend/delete/files/folders/ or what ever it is you require, only you will know what permissions they need.

    On the security Tab of the share
    Click Advanced
    On say the Acounts1 Amend group
    Select Edit
    Then change the permissions as required
    >>>DONT FORGET TO select the correct drop down<<<
    This Folder Only
    This Folder SubFolders and Files (Probably your best bet to get you up and running)
    Files Only
    There are a few options in here which you can select and as above only you will know what access you want to give it.

    You could if you wanted Leave the Authenticated Users group in and leave it as read only which will give everyone who is NOT A MEMBER OF ACCOUNTS1 AMEND only read access
    Everyone who is a member of Accounts1 amend will get what ever permissions you assign to that group.
    Or you can simply give the Authenicated users group what ever add/amend/delete/files/folders you wish.


    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    What Is Threat Intelligence?

    Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

    by Batuhan Cetin Within the dynamic life of an IT administrator, we hold many information in our minds like user names, passwords, IDs, phone numbers, incomes, service tags, bills and the order from our wives to buy milk when coming back to home.…
    Scenerio: You have a server running Server 2003 and have applied a retail pack of Terminal Server Licenses.  You want to change servers or your server has crashed and you need to reapply the Terminal Server Licenses. When you enter the 16-digit lic…
    Sending a Secure fax is easy with eFax Corporate ( First, Just open a new email message.  In the To field, type your recipient's fax number You can even send a secure international fax — just include t…
    Here's a very brief overview of the methods PRTG Network Monitor ( offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

    759 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    14 Experts available now in Live!

    Get 1:1 Help Now