Creating permanent top level folders in a windows file sharing evironment
Posted on 2009-05-19
Anyone have an idea for how to lock in a top level heirarchy in windows server 2003 (running active directory)? I have a share-point set up with several top level folders that have various sets of permissions. Recently I've had a request to lock down the top level heirarchy so that no one can move, rename, or delete top level folders (or add new ones). So even if "Bob" from the "Accounting" department has full write access to the items within the top level Accounting folder, he can not move, delete, or rename the folder itself.
I've experimented a little with the special permissions but haven't yet found a working scheme and easy way of implementing. Seems like it might require clever uses of the parent-child propagation option and advanced permissions management...