I have a shared folder on our DC that is called Common. This folder is where everyone puts there files and folders that they want to share with everyone else. Within this Common folder i have a folder called (Example) that has files and other folder inside it. I only want 5 people to have full access to the (Example) folder and files and then the rest of the users to have read only and list contents. How can i go about doing this? I have found a way but i know its not the correct way. I am having to go through every file and folder and take ownership and then add the people and set there permissions. I dont think this is the correct way though. It takes way to long.

Thanks for the help.
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Lee W, MVPTechnology and Business Process AdvisorCommented:
When setting permissions, you should NOT be assigning permissions to individuals.  Create groups and then assign people to groups and groups (via permissions) to folders.

Create an appropriately named group that needs access to the Example folder - we'll call the group "Sample Group"

Share "Common" - Share permissions should be EVERYONE:Full Control
                            - NTFS permissions should be EVERYONE:Full Control
Sub folder of Common, "Example" - NTFS permissions should disable inheritance and then set Everyone:Read Only, then set Sample Group:Full Control.
here it is:


Give the group everyone or domain users (better than everyone) to have read to this folder
Create a group with the appropriate users who need Full Control and give this group FC to this resource.

you can also change or do similar things to this for sub folders.

Good Luck,
hcl1Author Commented:
Ok i made the (Sample group) and applied the 5 people to it then i went back to the Common Folder and the Share permissons were already Full Control and the NTFS permissions i had to add the Everyone and put Full Control for them.

Then i went inside the Common folder to the Example folder and right clicked on it and removed everybody from it. then i added the Group that i made and i added "EVERYONE" with "Read & List Folder Contents". After that i went inside the Example folder and started checking the files and folders but the permissions did not drill down to them. How do i do that? Do i have to add them to each file and folder within the Example folder?

Thanks again
10 Holiday Gifts Perfect for Your Favorite Geeks

Still have some holiday shopping to do for the geeks in your life? While toys, clothing, games, and gift cards are still viable options for your friends and family, there’s more reason than ever to consider gadgets and software.

hcl1Author Commented:
I guess it did apply to all files and folders but did not take away all the other users i had put in before. Also i had put for the EVERYONE "Read & List Folder Contents" but when i drill down to the files and folders the EVERYONE just has "Read". Why did it take the List Contents away?

Confusing stuff

hcl1Author Commented:
Some of the files also say when i right click on them and go to properties that i do not have permisson to view or edit this file but can take ownership of it. Why would it do that. I am on the DC as Admin
Lee W, MVPTechnology and Business Process AdvisorCommented:
You're overthinking this.  Just set permissions to READ ONLY - forget List Contents.  Read Only covers that.

When you change/set the permissions on the Example folder, you also need to make sure the new permissions apply to all child objects.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
hcl1Author Commented:
So i need to check the box that says "Replace permissions entries on all child objects with entries shown here that apply to child objects"?

I always Overthink things :)

Lee W, MVPTechnology and Business Process AdvisorCommented:
Yes, from the Example folder.
Lee W, MVPTechnology and Business Process AdvisorCommented:
By the way, for administration and management purposes, I recommend this:

ALWAYS grant Domain Admins and the "System" account FULL CONTROL over all files/folders/disks.  You have to trust your admins - if you don't they shouldn't be your admins.  The system account can sometimes be used by programs such as backup and antivirus software, so that needs access.

After that, with RARE exception, do NOT assign permissions to users.  It gets very messy and diificult to manage - especially over time as people leave and new people are added.  By doing everything with groups, you can more easily manage who gets access to what when.  Also, there is no need to alter/add/remove people from the NTFS permissions which you may have noticed by now, in large folders, can take some seconds or even minutes or longer to complete.
hcl1Author Commented:
I finally got it and i understand now also. Thanks a bunch on the help and advise. I am going to start making groups now.

Lee W, MVPTechnology and Business Process AdvisorCommented:
EXCEPTION - Assign users directly with permissions to their own home folders.  Other than that, everything else with RARE, RARE exception should be done with groups.
hcl1Author Commented:
Yeah everybody's "Home" folders is "My Documents" and then i have GP set up for the folder redirection. Only they can get into there home folder.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2003

From novice to tech pro — start learning today.