Assigning advanced rights to a large folder tree - Windows 2000 Server

Posted on 2006-04-26
Last Modified: 2010-04-13
I have a large standardized folder tree that is created for each project at my firm.  We use an empty template each time a new project is started.  A copy of the empty folder structure is started for each new project.

I would like to better understand how to create advanced read/write rights to accomplish the following tasks:

Example Structure

Root Folder--|

Rights summary
The root folder will have all rights assigned to Domain Admins (this should be inherited all the way through the chain) and read only rights to all other users (assume the AD group for this is called "Projects")

Subfolder1 should allow members of the "Projects" group to create files but not folders

Subfolder2 should allow members of the "Projects" group to create folders but not files

Subfolder3 should allow members of the "Projects" group to create folders and files

Subfolder4 should not allow the creation of files or folders.  Nothing exists at this level except for other pre-determined folders.

I've played with the advanced security rights, but am still struggling with getting it right.  All help will be appreciated.

Question by:janeedles

    Accepted Solution

    1) On a big, important folder tree it is best practice to create a special security group ("Fileserver Admin" or something) that's not related to Domain Admins. You don't want to separate things later on when the security is all in place, and somebody decides that Domain Admins have nothing to do with files. Just an idea.

    Root folder:
    Fileserver Admin - FC (nothing special)
    Projects - Read (nothing special)

    Subfolder 1
    Select the Projects group and enable the Modify checkbox.
    Click Advanced.
    Now there are two lines with the users group - Modify & Read-Execute. Select the line that has Modify as Permission.
    Click View/Edit.
    Change the 'Apply onto' field to Files only. OK your way out.

    Subfolder 2
    Exactly the same deal as Subfolder 1, but:
    Change the 'Apply onto' field to 'Subfolders only'.

    Subfolder 3
    Grant Modify permission

    Subfolder 4
    Nothing changes, read-only.

    Hope this helps.
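
To check the result once the permissions are set, the following PowerShell script (an added example, not part of the original answer) lists the group's ACEs on the root folder and each first-level subfolder, translates their inheritance flags into the 'Apply onto' labels, and reports whether the create-file and create-folder rights take effect on the folder itself. It assumes PowerShell 3.0 or later run from a management workstation against the tree (Windows 2000 Server has no PowerShell); the path `D:\Projects\Template` and the parameter names are hypothetical.

```powershell
# Added example. $Root is a hypothetical path; $Group is the group named in the question.
param(
    [string]$Root  = 'D:\Projects\Template',
    [string]$Group = 'Projects'
)

# "InheritanceFlags,InheritOnly bit" -> label used in the 'Apply onto' field.
$ApplyOnto = @{
    '0,0' = 'This folder only'
    '3,0' = 'This folder, subfolders and files'
    '1,0' = 'This folder and subfolders'
    '2,0' = 'This folder and files'
    '3,2' = 'Subfolders and files only'
    '1,2' = 'Subfolders only'
    '2,2' = 'Files only'
}
$Rights      = [System.Security.AccessControl.FileSystemRights]
$InheritOnly = [int][System.Security.AccessControl.PropagationFlags]::InheritOnly

$dirs = @(Get-Item -LiteralPath $Root) + @(Get-ChildItem -LiteralPath $Root -Directory)
foreach ($dir in $dirs) {
    # Allow ACEs that name the group directly (nested groups and Deny ACEs are not evaluated).
    $aces = @((Get-Acl -LiteralPath $dir.FullName).Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and $_.IdentityReference.Value -like "*\$Group"
    })
    $onFolder = 0   # rights that take effect on the folder object itself
    $summary = foreach ($ace in $aces) {
        $io = [int]$ace.PropagationFlags -band $InheritOnly
        # An inherit-only ACE is passed to children but does not apply to this folder.
        if ($io -eq 0) { $onFolder = $onFolder -bor [int]$ace.FileSystemRights }
        '{0} [{1}]' -f $ace.FileSystemRights, $ApplyOnto["$([int]$ace.InheritanceFlags),$io"]
    }
    [pscustomobject]@{
        Folder        = $dir.Name
        # Creating a file or subfolder needs these rights on the parent folder.
        CreateFiles   = [bool]($onFolder -band [int]$Rights::CreateFiles)
        CreateFolders = [bool]($onFolder -band [int]$Rights::CreateDirectories)
        GroupACEs     = $summary -join '; '
    }
}
```

Compare the CreateFiles and CreateFolders columns for each subfolder with the rights summary in the question, then confirm with a test account that is a member of the group.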
