Active Directory Folder Permissions

Posted on 2007-04-11
Medium Priority
Last Modified: 2013-12-04
We are Using Windows 2003 Server with Active Directory

The question is we have a folder below the Home folder (Home = Users)

So someone made a folder below the HOME(USERS) called PCP

Then 3 other folders were made.  Below is the example of what we are trying to accomplish.
As of now since the permissions for GroupShareUser are inherited it shows that Joe can Write to Sue and Marks folder.  We want Joe to only be able to Write to his folder but read the content in all other folders.
Can we deny the Write permission for the GroupShareUser and then the Folder Level User Write permissions for Joe will Take control?


Joe FOlder

Sue FOlder

Mark FOlder

JOe should be able to Read/W/E in Joe FOlder  BUt can only Read Sue and Mark FOlder

Sure should be able to READ/W/E in Sue Folder But can only Read Joe and Mark Folder
Question by:cybersharks1
1 Comment
LVL 67

Accepted Solution

sirbounty earned 500 total points
ID: 18893301
Unless you're going to explicitly deny every user (don't deny Everyone from writing - that'll include Joe!), you are better off just not adding those rights...

In other words, remove inheritence from Joe
Then under Security/Advanced, edit the permissions (copy) and remove anyone besides Joe that doesn't need any access.
You can then come back in and Add Everyone:Read if needed...

Featured Post

We Need Your Input!

WatchGuard is currently running a beta program for our new macOS Host Sensor for our Threat Detection and Response service. We're looking for more macOS users to help provide insight and feedback to help us make the product even better. Please sign up for our beta program today!

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

You have missed a phone call. The number looks like it belongs to the bunch of numbers which your company uses. How to find out who has just called you?
The Windows Firewall provides an important layer of protection and a rich interface to configure it. Unfortunately, it lacks item level filtering. This article details my process of implementing firewall-as-code to reduce GPO bloat.
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

624 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question