The Permissions Challenge

Windows 2k3 Sbs Server
Need to setup permissions as follows:
All paths are ficticious
the server folder d:\company is shared as "company" and mapped on to clients as g:
there are loads of folders under G:
1. we want to prevent people from creating, deleting and moving files and folders IN THE ROOT folder only.
2 the sub-folders of G\ should allow the creation, deletion, movng of files and folders as people wish.
3. one of the subfolders of G\ (g:\existing clients) must be set to prevent the creation, deletion and moving of files and folders within its root only. the subfolders of g:\existing clients should allow the creation , deletion and moving of files.
I have created a sec group called g_no_modify and added the said users to that group.
any help would be apreciated as i have already lost all my hair over this

Cheers

ivickerAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

AdamRobinsonCommented:
Apply the permissions from the first root.

Break the inheritance (but COPY the permissions downstream).

Change the permissions on the root to your restricted version.

Do the same process for your subfolder.

That should achieve what you're wanting.
0
ivickerAuthor Commented:
I have tried this already, but it still doesnt prevent me from partially moving a folder from the root to a child folder.
any other suggestions
0
AdamRobinsonCommented:
Unfortunately for "move" you have to set an explicit permisssion on the folders you don't want moved, which you'll have to stop from inheriting -- using deny to stop the move on the explicit NTFS permission.

0
ivickerAuthor Commented:
When I set the permissions, when I set the deny delete, it also prevents me from creating new folders. is there any way for this to be implemented at all?
Basicly I want my users to be able to create files and folders, but not delete them afterwards, does this make sense, is it possible? HELP!!
0
AdamRobinsonCommented:
I do not believe what you are asking to do is possible under NTFS permissions.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2003

From novice to tech pro — start learning today.