Directory Structure Question

Posted on 2007-10-06
Last Modified: 2013-12-02
I'm working on a little project where we're trying to have some sort of structure to a drive letter that's being shared to the domain users.
As an example, here's the structure that we have:  
      ^       ^           ^
      |        |            |
      |        |           Third Level
      |       Second Level
     First Level

The first level: G:\01\xxxx\xxxx\xxx is supposed to be read only to the domain users.  They don't have any write/change/delete rights to this level of the tree.   (Note:  In the first tree level, there are 26 folders corresponding to the alphabet)

The second level G:\XX\01060\XXXX\XXXX\etc has essentially the same rights and restrictions as its parent folder.

The third level, G:\xx\xxxxx\20050341\etc. is where the domain users have the ability of creating folders, and files within them.  They are allowed to delete files, but not the folders.  Requests to the domain admins has to be made in order to delete the folders.

Where it gets tricky for me is I have to apply all the rules to all the folders within the first two levels of folders (which are already in place.  First level stuff is set since it corresponds with the alphabet; Second level is set right now, but potentially needs new folders in the future with the same rights as its sister folders in place).  

What I'm fearing is that there is no dynamic way that the folders and their security rights will be implemented every time a new folder is created.

Basically, my main question is the above mentioned structure even possible?  And as a bonus to my question, is it implementable in a dynamic way where Folders added on the second tree level will have the rights assigned automatically?

I know this post is rather confusing since I'm at a loss for words in describing the issue, so please post questions you may have :)

Question by:bscny
    1 Comment
    LVL 9

    Accepted Solution

    Hmm My first thought is some script to create the folder.  
    But then to ensure permissions are set properly.

    xcacls.exe is a command line tool that gives you the ability to change the acls on folders and files.

    This is the download page.  It also has instruction on where to look for the usage instructions.

    Then, you could automate the task with a scheduled task, or train the admins to use a particular command line for creating a folder.

    Featured Post

    Looking for New Ways to Advertise?

    Engage with tech pros in our community with native advertising, as a Vendor Expert, and more.

    Join & Write a Comment

    Installing a printer using group policy preferences is not that hard let’s take a look at it. First lets open up your group policy console and edit the policy you want to add it to. I recommend creating a new policy for each printer makes it a l…
    Introduction You may have a need to setup a group of users to allow local administrative access on workstations.  In a domain environment this can easily be achieved with Restricted Groups and Group Policies. This article will demonstrate how to…
    This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
    This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

    745 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    20 Experts available now in Live!

    Get 1:1 Help Now