Solved

Modify files in share but do not allow new files to be written.

Posted on 2006-11-22
4
149 Views
Last Modified: 2013-12-04
Microsoft shop
Servers are 2003 / Clients are XP (SP2)

Share is on a 2003 server, need to allow certain users the ability to modify existing documents in the share but not create new ones or delete existing ones.

Current settings:
SharePermissions:
Domain Users (Read)
Domain Admins (Full)
Programming Group (Change/Read) - This is the one with the needed permissions.
DocControl Group (Full)

SecuritySettings:
Domain Users (Read)
Domain Admins (Full)
Programming Group (Traverse Folder / Execute File, List Folder / Read Data, Read Attributes, Read Extended Attributes, Create Folders / Append Data, Read Permissions)
DocControl Group (Modify)

Any thoughts
0
Comment
Question by:shoemakerbrian
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 31

Accepted Solution

by:
Toni Uranjek earned 250 total points
ID: 17999174
You won't be able to modify files with this NTFS permissions. You need Write permission to modify existing documents, Append Data will not help, unfortunately. When you change file special NTFS permission Write Data, Write Attributes and Write Extended attributes should be set to Allow!
0
 
LVL 1

Expert Comment

by:beckman55
ID: 20304989
NTFS and Share permissions will cancel each other out in a way.  Rather than get into explaining how....my instructor recommended to me to set SHARE permissions to everyone FULL CONTROL....then use just the NTFS permissions to restrict access.  Then there is no thinking of if share=read and NTFS=write what is the final result.   I hope that makes sense.  

If you need more info let me know.
0
 
LVL 31

Expert Comment

by:Toni Uranjek
ID: 20307383
Using Everyone Full Control permission is bad security practice. If possible Everyone should be removed and "Authenticated users" group used instead.
0
 
LVL 1

Author Comment

by:shoemakerbrian
ID: 20316837
Actually what I did was wrote a vbscript to assign permissions to the files themself and left the directories alone.

Thank you for all your assistance though.
0

Featured Post

Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many people tend to confuse the function of a virus with the one of adware, this misunderstanding of the basic of what each software is and how it operates causes users and organizations to take the wrong security measures that would protect them ag…
SHARE your personal details only on a NEED to basis. Take CHARGE and SECURE your IDENTITY. How do I then PROTECT myself and stay in charge of my own Personal details (and) - MY own WAY...
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …
Suggested Courses

627 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question