Inconsistent permissions on shared folders
Posted on 2009-04-07
I have a problem with the permissions on an NTFS formatted partition. The client has a shared data folder on Windows 2003 R2 and nested subfolders going down several levels.
The problem is that a particular user is able to move (I am aware that there is a difference between moving and copying; my question is only related to moving the file) a file to a folder higher up to which they should be restricted through NTFS permissions. They cannot reverse this action as, ironically, they do not have sufficent perms to edit or move the file as it is now inheriting perms from it's folder.
There are several global and domain local groups in use but I have established the individual's permissions using the 'effective permissions' tool in folder properties. They are, as follows:
Top-Level Folder: User's effective perms: List/Read, Read Perms, Change Perms
Nested sub-folder 1: User's effective perms: Traverse/Execute, List/Read, Read Attribs, Read extended attribs, Read perms.
Nested sub-folder 2: User's effective perms: Full control
File1: User's perms: Full control (inherited)
The user is able to move File1 to Top-Level Folder but then cannot move it back. We are trying to restrict the user from being able to create, add or edit file content in any way on the top level whilst granting more liberal rights lower down.
Question:: Why can the user move the file when they only have list/read perms on the destination folder?
Any suggestions experts?