Solved

Folder Permissions - should be easy but I am really confused

Posted on 2006-07-24
Last Modified: 2008-03-06
I have a security group called Users and a group called Bosses

I have a network share called PROJECTS with lots of subfolders. General permissions are defined at the root level of the PROJECTS folder and are inherited through subfolders.

Within a typical subfolder called PROJECT1 the USERS have the following permissions
Modify - Read & Execute - List Folder Contents - Read - Write
all of these are Checked off.  Full control is not Checked off.

BOSS is a subdirectory of PROJECT1 and the Bosses want this folder to be read-only to the USERS but modifiable to members of BOSSES

Only the Bosses are members of the BOSSES group, but everyone is a member of the USERS group - including the Bosses.

I can't really modify the share permissions as the whole PROJECT is shared not just this subfolder.  So I have to use NTFS permissions

The first thing I would do is go to advanced security for the BOSS folder and disable inheritance and select Copy keeping the original permissions

I would add the BOSSES group to the permissions of the BOSS folder and grant modify or full control.  

But how do I configure it so that the BOSS folder or its contents can be read but not modified by anyone in the USERS group who is not also a member of BOSSES?

I can't (and probably should not) use Deny in the USERS permissions as this would deny the BOSSES as well; Deny takes precedence over Allow...

This is surely a common request - but I am stumped

I need idiot proof instructions - like check this, uncheck this

TIA - TOMG

0
Question by:Tgilbert
3 Comments
 
LVL 2

Expert Comment

by:UnifiedIT
You should not have to use Deny, just change the permissions on the USERS group so the only items checked are
Modify
List and Execute


Add the boss group and give that group Full Control

Even though the members of Bosses are also members of Users, their higher permissions will take over and allow them full access.


0
 

Author Comment

by:Tgilbert
Wrong - You are not helping - I need specific accurate instructions

You said
just change the permissions on the USERS group so the only items checked are
Modify
List and Execute

While there is a Modify in the non-advanced mode, as soon as you select Modify you also select all the others (Read & Execute - List Folder Contents - Read - Write), so you can't select only Modify.

There is no option in either non-advanced or advanced mode called List and Execute.

Please try again - TOMG

0
 
LVL 13

Accepted Solution

by:
2hype earned 90 total points
On the Bosses folder you would go into Advanced and uncheck Inherit from parent.

You would go back to the security screen and give Bosses Modify permissions.  You would then give Users Read and Execute permissions.

Therefore, Users can only read and execute the files.  Bosses can Read, Execute and Modify any file in the directory.  A user who is both a member of Bosses and Users would also have Read, Execute and Modify.

You would not deny anything.
0
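The steps in the accepted solution, scripted with icacls from an elevated PowerShell prompt. This is an added example, not part of the original thread; the folder path and the EXAMPLE domain are placeholders, and the group names Users and Bosses are the ones used in the question.

```powershell
# Added example. $Folder and the EXAMPLE domain are placeholders (assumptions);
# the group names Users and Bosses come from the question.
$Folder = 'D:\PROJECTS\PROJECT1\BOSS'
$Users  = 'EXAMPLE\Users'
$Bosses = 'EXAMPLE\Bosses'

# 1. Stop inheriting from PROJECT1 and keep a copy of the inherited entries
#    (the "Copy" choice in the Advanced Security dialog).
icacls $Folder /inheritance:d

# 2. Replace the copied Modify entry for Users with Read & Execute.
#    /grant:r replaces that group's explicit entries instead of adding to them.
#    (OI)(CI) applies the entry to the files and subfolders below BOSS.
icacls $Folder /grant:r "${Users}:(OI)(CI)RX"

# 3. Give Bosses Modify. Allow entries are cumulative across group
#    memberships, so a boss who is also in Users ends up with Modify.
#    No Deny entry is involved.
icacls $Folder /grant:r "${Bosses}:(OI)(CI)M"

# 4. Check the result.
$writeBits = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$aces = (Get-Acl -LiteralPath $Folder).Access

# Expect no rows: nothing should still be inherited and nothing should be a Deny.
$aces | Where-Object { $_.IsInherited -or $_.AccessControlType -eq 'Deny' } |
    Format-Table IdentityReference, AccessControlType, IsInherited -AutoSize

# Allow entries whose rights include write or delete bits.
# Users should not appear here; Bosses should.
$aces | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        (([int]$_.FileSystemRights -band $writeBits) -ne 0)
    } | Format-Table IdentityReference, FileSystemRights -AutoSize
```

Because the inherited entries are copied, not removed, any other group in the last table that contains the same people as Users (Everyone or Authenticated Users, for example) would still let them modify the folder and needs the same reduction to Read & Execute.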