Tgilbert
asked on
Folder Permissions - should be easy but I am really confused
I have a security group called Users and a group called Bosses
I have a network share called PROJECTS with lots of subfolders, general permissions are defined at the root level of the PROJECTS folder and are inherited through subfolders.
Within a typical subfolder called PROJECT1 the USERS have the following permissions
Modify - Read & Execute - List Folder Contents - Read - Write
all of these are Checked off. Full control is not Checked off.
BOSS is a subdirectory of PROJECT1 and the Bosses want this folder to be read-only to the USERS but modifiable to members of BOSSES
Only the Bosses are members of the BOSSES group, but everyone is a member of the USERS group - including the Bosses.
I can't really modify the share permissions as the whole PROJECT is shared not just this subfolder. So I have to use NTFS permissions
The first thing I would do is go to advanced security for the BOSS folder and disable inheritance and select Copy keeping the original permissions
I would add the BOSSES group to the permissions of the BOSS folder and grant modify or full control.
But how do I configure it so that the BOSS folder or its contents can be read but not modified by anyone in the USERS group who is not also a member of BOSSES
I can't (and probably should not) use Deny in the USERS permissions as this would deny the BOSSES as well, Deny takes precedent over allow...
This is surely a common request - but I am stumped
I need idiot proof instructions - like check this, uncheck this
TIA - TOMG
I have a network share called PROJECTS with lots of subfolders, general permissions are defined at the root level of the PROJECTS folder and are inherited through subfolders.
Within a typical subfolder called PROJECT1 the USERS have the following permissions
Modify - Read & Execute - List Folder Contents - Read - Write
all of these are Checked off. Full control is not Checked off.
BOSS is a subdirectory of PROJECT1 and the Bosses want this folder to be read-only to the USERS but modifiable to members of BOSSES
Only the Bosses are members of the BOSSES group, but everyone is a member of the USERS group - including the Bosses.
I can't really modify the share permissions as the whole PROJECT is shared not just this subfolder. So I have to use NTFS permissions
The first thing I would do is go to advanced security for the BOSS folder and disable inheritance and select Copy keeping the original permissions
I would add the BOSSES group to the permissions of the BOSS folder and grant modify or full control.
But how do I configure it so that the BOSS folder or its contents can be read but not modified by anyone in the USERS group who is not also a member of BOSSES
I can't (and probably should not) use Deny in the USERS permissions as this would deny the BOSSES as well, Deny takes precedent over allow...
This is surely a common request - but I am stumped
I need idiot proof instructions - like check this, uncheck this
TIA - TOMG
ASKER
Wrong - You are not helping - I need specific accurate instructions
You said
just change the permissions on the USERS group so the only items checked are
Modify
List and Execute
While there is a Modify at the non advanced mode - as soon as you select Modify you also select all the others Read & Execute - List Folder Contents - Read - Write so you can't select only Modify
There is no option in either non advanced nor advanced called List and Execute
Please try again - TOMG
You said
just change the permissions on the USERS group so the only items checked are
Modify
List and Execute
While there is a Modify at the non advanced mode - as soon as you select Modify you also select all the others Read & Execute - List Folder Contents - Read - Write so you can't select only Modify
There is no option in either non advanced nor advanced called List and Execute
Please try again - TOMG
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Modify
List and Execute
Add the boss group and give that group Full Control
Even though the members of Boss'es are also members of user's, there higher permissions will take over and allow them full access