  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 139

How to protect existing files while allowing new files in a folder?

Say I have a folder called: \data

In \data, I have files and sub folders.

I want one specific user (UserAccount A)  to have full control over everything - no problem I already set that.

But I also want every OTHER user (Domain Users) to have the ability to create NEW files and folders in \data, but not OVERWRITE existing files and folders. So in other words, they could open \data\DocumentA.doc but they would have to SAVE-AS and make a NEW file in order to save the document to \data.

I've gone in and looked at the explicit NTFS permissions but can't seem to get the right combination of file and folder permissions set in order for this to work.  

How is this possible via NTFS permissions on the server? (2003)


0
aconway
Asked:
1 Solution
 
iCoreKC Commented:
Go into your Advanced settings under your folder's Security Properties and edit the group / users permissions.  Here you can do an explicit deny and tweak it down to where you need it.
0
 
banks1850 Commented:
Create a different share and use shared folder permissions; have the other users use that share instead.
0
 
aconway (Author) Commented:
I don't have to create a different share... not unless I HAVE to.  I wanted to know if what I asked is possible without creating a separate share.

iCore: Yes, I've gone into Advanced options and played around, but as I said, "I cannot get the right combination" to make it work exactly how I want.
0

 
banks1850 Commented:
Sorry, I misread the question.

Well, in the properties of the folder, click the Advanced button. You should be able to give read and create permissions to user groups by clicking on the group, clicking Edit, and checking off the rights that you need, i.e. read and create folder/append data and create files/add data. If you don't give them permissions to Change, that should do it for you.
0
 
aconway (Author) Commented:
Let me explain the scenario again, because I don't think what I want to do is possible:

UserA needs full control over all of \data and its files and subfolders.
UserGroupX needs to be able to Read the existing files and folders in \data but not modify any of the existing files. They need to be able to open them but have to save a new version of that file in \data without being able to overwrite the original file that's in \data.

What **SPECIFIC** permission do I set to allow Domain Users to create new files and folders in \data but not modify existing "original" files that already exist in \data? They also need to be able to READ the existing files.

I don't think it's possible... right now I have \data\_working and have assigned Full Permissions to UserGroupX so they can save their documents in there, then UserA can manage it further and replace the existing files in \data manually.
0
 
banks1850 Commented:
I gave that to you above; I'll elaborate.

In advanced permissions for the "\data" subfolder, you would select the drop-down list for the group you want, choose "this folder and sub-folders", and choose the options I told you about above (i.e. create folder and create files) along with read and list attributes.
Then, in the same place, re-add that group, choose "files only" in the dropdown, and give them read permissions.

This will effectively give them the ability to create new files in a folder and traverse the folder, but not overwrite those files or delete anything. It's a little painful, but that should do it for you.
0
 
banks1850 Commented:
Oh, also, you might have to put the deny in the files only one for edit data and add data.  I forget whether you need that or if it is implicit with the read attribute.
0
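
The two-entry layout banks1850 describes, written out as an added PowerShell example that is not part of the original thread. The path `D:\data` and the group name `EXAMPLE\Domain Users` are assumptions, and the closing loop is an added check that reports existing files on which the group still holds an allow entry with write or delete rights:

```powershell
# Added example. $path and $group are assumptions; substitute your own values.
$path  = 'D:\data'
$group = 'EXAMPLE\Domain Users'

$acl = Get-Acl -LiteralPath $path

# Entry 1: "This folder and subfolders" (ContainerInherit only, so it never lands on files).
# On a folder, CreateFiles and CreateDirectories allow adding new items;
# ReadAndExecute covers traverse, list and read attributes.
$folderRights = [System.Security.AccessControl.FileSystemRights]'ReadAndExecute, CreateFiles, CreateDirectories'
$folderRule = New-Object System.Security.AccessControl.FileSystemAccessRule(
    $group, $folderRights,
    [System.Security.AccessControl.InheritanceFlags]::ContainerInherit,
    [System.Security.AccessControl.PropagationFlags]::None,
    [System.Security.AccessControl.AccessControlType]::Allow)

# Entry 2: "Files only" (ObjectInherit + InheritOnly): read, with no write or delete rights.
$fileRule = New-Object System.Security.AccessControl.FileSystemAccessRule(
    $group,
    [System.Security.AccessControl.FileSystemRights]::ReadAndExecute,
    [System.Security.AccessControl.InheritanceFlags]::ObjectInherit,
    [System.Security.AccessControl.PropagationFlags]::InheritOnly,
    [System.Security.AccessControl.AccessControlType]::Allow)

$acl.AddAccessRule($folderRule)
$acl.AddAccessRule($fileRule)
Set-Acl -LiteralPath $path -AclObject $acl

# Check: list existing files where the group still has an allow entry that
# permits overwriting, appending, deleting or re-permissioning the file.
$writeMask = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, ChangePermissions, TakeOwnership'
Get-ChildItem -LiteralPath $path -Recurse -File | ForEach-Object {
    $file = $_
    (Get-Acl -LiteralPath $file.FullName).Access |
        Where-Object {
            $_.IdentityReference.Value -eq $group -and
            $_.AccessControlType -eq 'Allow' -and
            (([int]$_.FileSystemRights) -band $writeMask) -ne 0
        } |
        ForEach-Object { '{0}: {1}' -f $file.FullName, $_.FileSystemRights }
}
```

Allow entries are cumulative, so a file the check does not list can still be writable through another group the user belongs to; rerun the check with each such group name.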
