Solved

Folder Permissions - should be easy but I am really confused

Posted on 2006-07-24
3
230 Views
Last Modified: 2008-03-06
I have a security group called Users and a group called Bosses

I have a network share called PROJECTS with lots of subfolders,  general permissions are defined at the root level of the PROJECTS folder and are inherited through subfolders.

Within a typical subfolder called PROJECT1 the USERS have the following permissions
Modify - Read & Execute - List Folder Contents - Read - Write
all of these are Checked off.  Full control is not Checked off.

BOSS is a subdirectory of PROJECT1 and the Bosses want this folder to be read-only to the USERS but modifiable to members of BOSSES

Only the Bosses are members of the BOSSES group, but everyone is a member of the USERS group - including the Bosses.

I can't really modify the share permissions as the whole PROJECT is shared not just this subfolder.  So I have to use NTFS permissions

The first thing I would do is go to advanced security for the BOSS folder and disable inheritance and select Copy keeping the original permissions

I would add the BOSSES group to the permissions of the BOSS folder and grant modify or full control.  

But how do I configure it so that the BOSS folder or its contents can be read but not modified by anyone in the USERS group who is not also a member of BOSSES

I can't (and probably should not) use Deny in the USERS permissions as this would deny the BOSSES as well, Deny takes precedent over allow...

This is surely a common request - but I am stumped

I need idiot proof instructions - like check this, uncheck this

TIA - TOMG






0
Comment
Question by:Tgilbert
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 2

Expert Comment

by:UnifiedIT
ID: 17170771
You should not have to use Deny, just change the permissions on the USERS group so the only items checked are
Modify
List and Execute


Add the boss group and give that group Full Control

Even though the members of Boss'es are also members of user's, there higher permissions will take over and allow them full access


0
 

Author Comment

by:Tgilbert
ID: 17171780
Wrong - You are not helping - I need specific accurate instructions

You said
just change the permissions on the USERS group so the only items checked are
Modify
List and Execute

While there is a Modify at the non advanced mode - as soon as you select Modify you also select all the others Read & Execute - List Folder Contents - Read - Write so you can't select only Modify

There is no option in either non advanced nor advanced called List and Execute

Please try again - TOMG

0
 
LVL 13

Accepted Solution

by:
2hype earned 90 total points
ID: 17172399
On the Bosses folder you would go into Advance and Uncheck Inherit from parent.

You would go back to the security screen and give Bosses Modify Permissions.  You would the give users read and execute permissions.

Therefore, Users can only read and execut the files.  Bosses can Read, Execute and Modify any file in the directory.  A user who is both memeber of the Bosses and Users would also have Read, Execute and Modify.

You would not deny anything.
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Greetings, Experts! First let me state that this website is top notch. I thoroughly enjoy the community that is shared here; those seeking help and those willing to sacrifice their time to help. It is fantastic. I am writing this article at th…
Many of us in IT utilize a combination of roaming profiles and folder redirection to ensure user information carries over from one workstation to another; in my environment, it was to enable virtualization without needing a separate desktop for each…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …
Suggested Courses

617 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question