Creating permanent top level folders in a windows file sharing evironment

Anyone have an idea for how to lock in a top level heirarchy in windows server 2003 (running active directory)? I have a share-point set up with several top level folders that have various sets of permissions. Recently I've had a request to lock down the top level heirarchy so that no one can move, rename, or delete top level folders (or add new ones). So even if "Bob" from the "Accounting" department has full write access to the items within the top level Accounting folder, he can not move, delete, or rename the folder itself.

I've experimented a little with the special permissions but haven't yet found a working scheme and easy way of implementing. Seems like it might require clever uses of the parent-child propagation option and advanced permissions management...
Who is Participating?
CoccoBillConnect With a Mentor Commented:
You need to set up a hierarchy something like this using the advanced ACL editor:

- Root level: traverse, list and read for domain users (so that new folders cannot be created)
- Target level aka the read-only folders: traverse, list and read for domain users, apply to this folder only
- Subdirectories: uncheck include inherited permissions, manually set permissions as needed
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.