Assigning advanced rights to a large folder tree - Windows 2000 Server

I have a large standardized folder tree that is created for each project at my firm.  We use an empty template each time a new project is started.  A copy of the empty folder structure is started for each new project.

I would like to better understand how to create advanced read/write rights to accomplish the following tasks:

Example Structure

Root Folder--|
                   |-----Subfolder1
                   |-----Subfolder2
                   |-----Subfolder3
                   |-----Subfolder4
                          |--Insidefolder4

Rights summary
The root folder will have all rights assigned to Domain Admins (this should be inhertited all the way through the chain) and read only rights to all other users (assume the AD group for this is called "Projects")

Subfolder1 should allow members of the "Projects" group to create files but not folders

Subfolder2 should allow members of the "Projects" group to create folders but not files

Subfolder3 should allow members of the "Projects" group to create folders and files

Subfolder4 should not allow the creation of files or folders.  Nothing exists at this level except for other pre-determined folders.

I've played with the advanced security rights, but am still struggling with getting it right.  All help will be appreciated.

janeedlesAsked:
Who is Participating?
 
Rant32Commented:
1) On a big, important folder tree it is best practice to create a special security group ("Fileserver Admin" or something) that's not related to Domain Admins. You don't want to separate things later on when the security is all in place, and somebody decides that Domain Admins have nothing to do with files. Just an idea.

Root folder:
Fileserver Admin - FC (nothing special)
Projects - Read (nothing special)

Subfolder 1
Select the Projects group and enable the Modify checkbox.
Click Advanced.
Now there are two lines with the users group - Modify & Read-Execute. Select the line that has Modify as Permission
click View/Edit.
Change the 'Apply onto' field to Files only. OK your way out.

Subfolder 2
Exactly the same deal as Subfolder 1, but:
Change the 'Apply onto' field to 'Subfolders only'.

Subfolder 3
Grant Modify permission

Subfolder 4
Nothing changes, read-only.

Hope this helps.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.