Solved

Folder Permissions - should be easy but I am really confused

Posted on 2006-07-24
3
229 Views
Last Modified: 2008-03-06
I have a security group called Users and a group called Bosses

I have a network share called PROJECTS with lots of subfolders,  general permissions are defined at the root level of the PROJECTS folder and are inherited through subfolders.

Within a typical subfolder called PROJECT1 the USERS have the following permissions
Modify - Read & Execute - List Folder Contents - Read - Write
all of these are Checked off.  Full control is not Checked off.

BOSS is a subdirectory of PROJECT1 and the Bosses want this folder to be read-only to the USERS but modifiable to members of BOSSES

Only the Bosses are members of the BOSSES group, but everyone is a member of the USERS group - including the Bosses.

I can't really modify the share permissions as the whole PROJECT is shared not just this subfolder.  So I have to use NTFS permissions

The first thing I would do is go to advanced security for the BOSS folder and disable inheritance and select Copy keeping the original permissions

I would add the BOSSES group to the permissions of the BOSS folder and grant modify or full control.  

But how do I configure it so that the BOSS folder or its contents can be read but not modified by anyone in the USERS group who is not also a member of BOSSES

I can't (and probably should not) use Deny in the USERS permissions as this would deny the BOSSES as well, Deny takes precedent over allow...

This is surely a common request - but I am stumped

I need idiot proof instructions - like check this, uncheck this

TIA - TOMG






0
Comment
Question by:Tgilbert
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 2

Expert Comment

by:UnifiedIT
ID: 17170771
You should not have to use Deny, just change the permissions on the USERS group so the only items checked are
Modify
List and Execute


Add the boss group and give that group Full Control

Even though the members of Boss'es are also members of user's, there higher permissions will take over and allow them full access


0
 

Author Comment

by:Tgilbert
ID: 17171780
Wrong - You are not helping - I need specific accurate instructions

You said
just change the permissions on the USERS group so the only items checked are
Modify
List and Execute

While there is a Modify at the non advanced mode - as soon as you select Modify you also select all the others Read & Execute - List Folder Contents - Read - Write so you can't select only Modify

There is no option in either non advanced nor advanced called List and Execute

Please try again - TOMG

0
 
LVL 13

Accepted Solution

by:
2hype earned 90 total points
ID: 17172399
On the Bosses folder you would go into Advance and Uncheck Inherit from parent.

You would go back to the security screen and give Bosses Modify Permissions.  You would the give users read and execute permissions.

Therefore, Users can only read and execut the files.  Bosses can Read, Execute and Modify any file in the directory.  A user who is both memeber of the Bosses and Users would also have Read, Execute and Modify.

You would not deny anything.
0

Featured Post

Building an interactive eFuture classroom

Watch and learn how ATEN provided a total control system solution including seamless switching matrix switch, HDBaseT extenders, PDU, lighting control to build an interactive eFuture classroom.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Downtime reduced, data recovered by utilizing an Experts Exchange Business Account Challenge The United States Marine Corps employs more than 200,000 active-duty Marines with operations in four continents, all requiring complex networking system…
Resolve DNS query failed errors for Exchange
In an interesting question (https://www.experts-exchange.com/questions/29008360/) here at Experts Exchange, a member asked how to split a single image into multiple images. The primary usage for this is to place many photographs on a flatbed scanner…

710 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question