guruerror
asked on
NTFS Permissions
I thought I had a good handle on NTFS permissions, but I'm missing something...probably something obvious...hence this post.
I have a folder on a Windows 2003 Standard server that is shared and maps to a drive letter (G:) for all Domain Users. This folder (hereafter referred to as G:) contains subfolders (hereafter referred to as 'project folders') for each project that our company works on.
I want to configure G: so that Domain Users CANNOT create new files/folders or rename/delete/move project folders that already exist at this location. We want to lock G: down in this manner so that IT controls the creation and naming conventions of everything at this location and users will not be able to 'accidentally' move/delete project folders when frantically clicking.
Subsequently we want Domain Users to have the ability to 'modify' anything within the project folders. Project files contained in project folders are theirs to organize, create, delete, etc. in whatever manner they see fit.
What is the best way to configure the NTFS permissions to achieve this?
Thanks in advance.
I have a folder on a Windows 2003 Standard server that is shared and maps to a drive letter (G:) for all Domain Users. This folder (hereafter referred to as G:) contains subfolders (hereafter referred to as 'project folders') for each project that our company works on.
I want to configure G: so that Domain Users CANNOT create new files/folders or rename/delete/move project folders that already exist at this location. We want to lock G: down in this manner so that IT controls the creation and naming conventions of everything at this location and users will not be able to 'accidentally' move/delete project folders when frantically clicking.
Subsequently we want Domain Users to have the ability to 'modify' anything within the project folders. Project files contained in project folders are theirs to organize, create, delete, etc. in whatever manner they see fit.
What is the best way to configure the NTFS permissions to achieve this?
Thanks in advance.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I don't know of a native way to accomplish that. What they're doing is writing files under one project folder and deleting them from under another. If those are functions you normally want them to perform then there isn't a way to prohibit them just for dragging and dropping.
ASKER
For instance if an Authenticated User drags PROJECT01 and drops it on PROJECTS02 (accidentally, of course) the system will create a PROJECTS01 in PROJECTS02 and move all the contents of G:\PROJECTS01 to G:\PROJECTS02\PROJECTS01. Granted it will not delete the original (and now empty) PROJECTS01, but I'm trying to find a way to have it disallow the move in general.