Inherited Special Permissions in 2003 not Pushed to New Documents

We have folders that certain people have special permissions too.  As in they can add files and folders to the folder, but they can't delete anything.  So this group has allow and deny special permissions.  The systems, and admin groups have full control, along with a couple of other individuals.  The folder and the documents in the folder are working the way we want.  But when someone creates a folder and adds a document in that folder, the document only shows system and admin as the only people that have rights to do anything with that document.  I ran the "Replace Permissions on childern" and that didn't do anything.  I would need to delete the permissions and redo them.  Also the new folder that has the document has the correct inherited permissions.  
Am I missing something with setting the permissions, or do I need to set permissions everytime someone puts a new folder out that with documents.

Thanks,
Chris
cjgalvinAsked:
Who is Participating?
 
zelron22Connect With a Mentor Commented:
They should, as long as the "apply onto" and inheritance are set right.  If you post a screenshot of both a parent folder and sub folder, I can probably see the problem.
0
 
zelron22Commented:
It sounds like the permissions are applied only to "This folder and files" instead of "this folder, subfolder, and files" or "subfolder and files only".

So the users need modify on the subfolders and files.  Deny permissions are tricky, because they take precedence over everything except explicit permissions.  So if you give deny to domain users, then domain users won't have access even if they're in a group that has inherited allow permissions.

So, look in the advanced permissions, and at the properties of one of those permissions, and you'll see the drop down that has options for "this folder only, this folder and subfolders, etc."

0
 
cjgalvinAuthor Commented:
Thanks for the response.  I looked at the options.  On the parent folder they are all set to "This folder, subfolders, and Files".  But when I create a subfolder the same settings are now set to "This Folder only", and it is greyed out.  The only ones that have access to subfolders and files is the ones that have full control(systems and admin).  I'm using a global group to set the permissions.  For deny I selected "delete" and "delete subfolders and files", and I selected modify to allow instead of the special permissions.
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
zelron22Commented:
I recommend against using the deny permissions, they tend to cause more headaches than their worth.  It's better to set read-only permissions, unless you have a specific reason.  

Can you take a screenshot of the advanced permissions on the parent folder and on a sub folder?  Feel free to black out user/domain names, etc.
0
 
cjgalvinAuthor Commented:
I would like to just use read-only, but the users need to be able to move files to the folders, but not delete them, or edit them.  It looks like special permissions don't get pushed all the way down.  I would have to edit the permissions everytime a subfolder is created.  

So I guess my next question would be, Do you know of a way users can add but not edit or delete to all subfolders?

Thanks Again.  
0
 
cjgalvinAuthor Commented:
OK,
I figured it out.  I set modify in Security.  Then went into advanced and removed write attributes and delete.  Then pushed it down to subfolders.  This worked.  You were right, that deny option was the problem.  Thanks again for you help.
0
 
zelron22Commented:
The create file / write data permission should allow them to create files but not modify them.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.