[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 159
  • Last Modified:

Assigning advanced rights to a large folder tree - Windows 2000 Server

I have a large standardized folder tree that is created for each project at my firm.  We use an empty template each time a new project is started.  A copy of the empty folder structure is started for each new project.

I would like to better understand how to create advanced read/write rights to accomplish the following tasks:

Example Structure

Root Folder--|

Rights summary
The root folder will have all rights assigned to Domain Admins (this should be inhertited all the way through the chain) and read only rights to all other users (assume the AD group for this is called "Projects")

Subfolder1 should allow members of the "Projects" group to create files but not folders

Subfolder2 should allow members of the "Projects" group to create folders but not files

Subfolder3 should allow members of the "Projects" group to create folders and files

Subfolder4 should not allow the creation of files or folders.  Nothing exists at this level except for other pre-determined folders.

I've played with the advanced security rights, but am still struggling with getting it right.  All help will be appreciated.

1 Solution
1) On a big, important folder tree it is best practice to create a special security group ("Fileserver Admin" or something) that's not related to Domain Admins. You don't want to separate things later on when the security is all in place, and somebody decides that Domain Admins have nothing to do with files. Just an idea.

Root folder:
Fileserver Admin - FC (nothing special)
Projects - Read (nothing special)

Subfolder 1
Select the Projects group and enable the Modify checkbox.
Click Advanced.
Now there are two lines with the users group - Modify & Read-Execute. Select the line that has Modify as Permission
click View/Edit.
Change the 'Apply onto' field to Files only. OK your way out.

Subfolder 2
Exactly the same deal as Subfolder 1, but:
Change the 'Apply onto' field to 'Subfolders only'.

Subfolder 3
Grant Modify permission

Subfolder 4
Nothing changes, read-only.

Hope this helps.

Featured Post

[Webinar] Cloud and Mobile-First Strategy

Maybe you’ve fully adopted the cloud since the beginning. Or maybe you started with on-prem resources but are pursuing a “cloud and mobile first” strategy. Getting to that end state has its challenges. Discover how to build out a 100% cloud and mobile IT strategy in this webinar.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now