Allow create file to a folder, but deny write access to files in the folder via inheritance - possible?

Posted on 2007-08-08
Last Modified: 2013-12-04
Ok, I am having a bit of a hassle with some folder/file permissions in Windows 2003 Server, and curious if someone else has an idea. This is probably a simple solution that I am just missing. I have a folder which contains multiple (read: dozens) of files inside. I have a group of users I want to be able to read all files in the folder, but not edit the existing files. However, I want to allow them the ability to edit and save the modified files as a new file, with a different name.

For example, I have folder A, with files 1 - 10 inside. I want to be able to allow a user to open up file 1, modify and save the file as 1-mod. The original file cannot be saved in the edited state.

Obviously I could just give read/write access to the folder, and implicitly deny write on each file, but all told there are over 3000 files in various folders I need to do this for, as well as new files placed in on a daily basis by multiple people, so it's not a reasonable option to manually set write-deny on each file. Is there another solution that would give the same effect, but would be set up via inheritance?
Question by:avogini
    LVL 23

    Expert Comment

    by:Malli Boppe
    Try using cacls

    CACLS filename [/T] [/E] [/C] [/G user:perm] [/R user [...]]
                   [/P user:perm [...]] [/D user [...]]
       filename      Displays ACLs.
       /T            Changes ACLs of specified files in
                     the current directory and all subdirectories.
       /E            Edit ACL instead of replacing it.
       /C            Continue on access denied errors.
       /G user:perm  Grant specified user access rights.
                     Perm can be: R  Read
                                  W  Write
                                  C  Change (write)
                                  F  Full control
       /R user       Revoke specified user's access rights (only valid with /E).
       /P user:perm  Replace specified user's access rights.
                     Perm can be: N  None
                                  R  Read
                                  W  Write
                                  C  Change (write)
                                  F  Full control
       /D user       Deny specified user access.
    Wildcards can be used to specify more that one file in a command.
    You can specify more than one user in a command.

       CI - Container Inherit.
            The ACE will be inherited by directories.
       OI - Object Inherit.
            The ACE will be inherited by files.
       IO - Inherit Only.
            The ACE does not apply to the current file/directory.
    LVL 3

    Author Comment

    Running it will work initially to change all the files' attributes, but what about the other half of the problem, where I have other (write-enabled) users adding new files every day? I need to be able to take out user error in forgetting to set the permissions of the files. Perhaps I could set up a scheduled batch script to run daily, but I was hoping for something through Windows permissions directly. Is this not possible?
    LVL 10

    Accepted Solution

    Give the parent directory these permissions

    CACLS output:
    Everyone:(OI)(CI)(special access:)
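
One way to express the goal through inheritance, as an added example that is not code from this thread and not the accepted answer's ACL: two allow ACEs on the parent folder, one scoped to folders and one scoped to files. It assumes PowerShell is available on the server; `$Folder` and `$Group` are placeholder values.

```powershell
# Added example. $Folder and $Group are placeholders, not values from the thread.
$Folder = 'D:\Shared\FolderA'
$Group  = 'EXAMPLE\FolderA-Readers'
$RuleType = 'System.Security.AccessControl.FileSystemAccessRule'

# ACE 1: applies to this folder and its subfolders (ContainerInherit only).
# On a directory, CreateFiles is the right to add a new file. Because the ACE
# is not ObjectInherit, it is never copied onto files, so it cannot turn into
# write access on a file that already exists.
$folderRule = New-Object $RuleType -ArgumentList `
    $Group, 'ReadAndExecute, CreateFiles', 'ContainerInherit', 'None', 'Allow'

# ACE 2: applies to files only (ObjectInherit + InheritOnly).
# Every existing file, and every file added later by anyone, inherits
# read access for the group and nothing more.
$fileRule = New-Object $RuleType -ArgumentList `
    $Group, 'ReadAndExecute', 'ObjectInherit', 'InheritOnly', 'Allow'

# Add both ACEs to the folder's DACL; inheritable ACEs propagate to children
# that still have inheritance enabled.
$acl = Get-Acl -Path $Folder
$acl.AddAccessRule($folderRule)
$acl.AddAccessRule($fileRule)
Set-Acl -Path $Folder -AclObject $acl

# Check 1: the two explicit ACEs on the folder and their scopes.
(Get-Acl -Path $Folder).Access |
    Where-Object { $_.IdentityReference.Value -eq $Group } |
    Format-Table FileSystemRights, InheritanceFlags, PropagationFlags, IsInherited

# Check 2: what one existing file actually inherited for the group.
$sample = Get-ChildItem -Path $Folder |
    Where-Object { -not $_.PSIsContainer } |
    Select-Object -First 1
if ($sample) {
    (Get-Acl -Path $sample.FullName).Access |
        Where-Object { $_.IdentityReference.Value -eq $Group } |
        Format-Table FileSystemRights, IsInherited
}
```

This only has the intended effect if the group gets no write access from another ACE, such as an inherited Modify grant on a parent folder or a broader group the users belong to. The user who creates a file becomes its owner, and an owner can always rewrite the permissions on that file.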
