Solved

How do I make 1 users folder, it's subfolders and files read only but visible to all?

Posted on 2010-08-30
18
340 Views
Last Modified: 2012-05-10
We have a user who wants to make her User folder and it's sub-folders and files visible to all but they can only open, read and print files. She does not want to have anyone making changes to her files, copying, moving or deleting them.

The files and folders reside on a Windows 2003 Small Business R2 server. The file structure is set up as follows:

F:\
    \Folder
    \Folder
    \Folder
    \Users
          \User1
          \User2
          \User wanting Read only
               \Folder A
               \Folder B
               \Folder C
               A bunch of individual files in the root of her user folder

Is there a way I can make all of her folders visible to all, but read only to all as well? Currently, all users have full rights to her folders and files.

Thanks in advance for any help,

Mike
 
0
Comment
Question by:mmed810132
  • 7
  • 5
  • 3
  • +2
18 Comments
 
LVL 95

Accepted Solution

by:
Lee W, MVP earned 250 total points
Comment Utility
Add the "Domain Users" group to the "User wanting Read only" and set the NTFS permissions to Read Only for that group.

(Properties of the top-level folder, select the Security tab).
0
 
LVL 8

Expert Comment

by:Emptyone
Comment Utility
You will have to remove inheritance, choose to copy the settings that are there today. If not the other users will still be in there if they have access to the folders over. And then configure them to how you want it. The owner of the folder should have full access, and then use domain users as leew wrote or use authenticated users, and give that group read-only
0
 
LVL 1

Assisted Solution

by:eric27
eric27 earned 84 total points
Comment Utility
You cannot do what you want at alll, once a user has reading-permission for a file-object, they can also copy the file or read the content and use copy/paste to get the content somewhere else.

Apart from that & my personal opinion: a bad idea.
User-folders should be for one user only. All other files are 'group-files' have their own folder with the correct NTFS permissions.


0
 
LVL 8

Expert Comment

by:Emptyone
Comment Utility
eric27 is right, I missed the part about copying. And as he said, you can't stop that with just NTFS/share permissions.
0
 
LVL 26

Assisted Solution

by:pony10us
pony10us earned 166 total points
Comment Utility
I agree with eric in that a user's folder is supposed to be private to that user. Shared files should be in a shared location. Once you give the access that you are describing the user can no longer store private documents in their folder. For example, user is a supervisor and has to do reviews.

Also, eric is correct that users could open a file and make modifications to it and save it somewhere else however they would not be able to alter the original if the folder is read only to autheniticated users (or domain users if you chose) so the original would not be altered.

Having said all that, the answer to your question would be leew's.   :)
0
 
LVL 95

Assisted Solution

by:Lee W, MVP
Lee W, MVP earned 250 total points
Comment Utility
> She does not want to have anyone .. copying ... them.

I missed that one word - As has been stated by others, if you can read a file, it can be copied - if you can read a book, it can be copied - by hand, by photo, by photocopy, etc. A file is no different.  If that's a requirement then the answer is a simple you cannot do that effectively.

HOWEVER, if you can make it more difficult by using Rights Management software - pictures of the screen and hand-copying can still occur, but electronic copies, with proper rights management, MAY prevent electronic copying when implemented appropriately.  
For more information, see: http://en.wikipedia.org/wiki/Rights_Management_Services
0
 

Author Comment

by:mmed810132
Comment Utility
Sorry for the late reply to all of you.

First, I want to thank all of you for your responses. The one's I actually like the best is that if someone can read a file they can copy it and print it. I knew this beforehand, but having you experts reply as such gave me the ammo to go back to the boss's son (who authorized this) and show him what a waste of time this is.

This is actually a case of closing the barn door after the horses got out. This girl feels that since she typed up the documents, they should be left in her user folder and nobody should be able to modify them. I had made a folder called "Shared' for all documents to stored in that weren't confidential. Another co-worker needed access to some of the training files that were done by the aforementioned "Princess", and so we copied these files to the Shared folder where they should be. This is what upset the Princess, so she whined to the boss's son and being the wuss that he is, he capitulated.

I have to go now - I will report back as soon as I can sneak a few moments.

Again, thanks to all.
0
 
LVL 26

Assisted Solution

by:pony10us
pony10us earned 166 total points
Comment Utility
Oh that sounds way to familiar a scenario.   LOL

There is one option that MIGHT accomplish what you are after.  The author (princess) could password protect the documents against editing. This is easy to do with Microsoft office products like Word and Excel.  The caution that needs to be made here is that if for some reason the author is not around any longer you can't even delete the file without having the password.

This does not prevent copying but unless someone has a password cracking/recovery program they are not able to edit it. Those programs are available all over the internet for a reasonable price so it isn't a very good failsafe option but it is an option.
0
 

Author Comment

by:mmed810132
Comment Utility
OK, I got to sneak back here.

Well, now it seems that when I set everything back to full access for everyone (yes, I know, not recommended, but you have to experience this place to understand!), some of the Princess's files open and some give the "cannot open document: user does not have access privileges" message. This seems to happen randomly - some Word & Excel files open and some get the preceding message.

Is this a common occurrence or am I just getting lucky?
 
0
Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 95

Expert Comment

by:Lee W, MVP
Comment Utility
They may have altered permissions thinking they knew what they were doing.  As the admin, you should be able to reset the permissions (make sure you check the check box in the advanced settings to apply to all sub folders and files).  If you've been locked out of the files, you may need to take ownership of everything and then reset everything (taking ownership will alter Quota info if you use Quotas!)
0
 

Author Comment

by:mmed810132
Comment Utility
@leew,

Is that the second check box in the Advanced Security Settings (Replace permission settings on all child objects with entries shown here that apply to child objects)?

Sorry for my Newbie-ness, but I'm kind of learning on the fly.
0
 
LVL 95

Expert Comment

by:Lee W, MVP
Comment Utility
Yes
0
 

Author Comment

by:mmed810132
Comment Utility
Well, somehow I managed to screw things up here. Now when I try to get into her folder from the server, nothing comes up and Windows Explorer freezes. At least I can close it through Task Manager.

A look at the Event Viewer Application log shows Event ID 1030 and 1058. I am now going to Google these events and see if I've totally hosed her folder. In case I have, would restoring from a tape backup solve the issue of some folders/files opening while others don't?
0
 
LVL 95

Assisted Solution

by:Lee W, MVP
Lee W, MVP earned 250 total points
Comment Utility
In theory yes, a tape restore should restore the files and permissions...

What did you do?  Simply taking ownership and applying permissions shouldn't be causing problems - (It can "hang" explorer when there are  MANY files to process... but give it time, it comes back...
0
 

Author Comment

by:mmed810132
Comment Utility
@leew,

I did not take ownership of her folder & files. When I tried to do so, that is when the system hung.
It seems now when I tryto right-click on any folders in Windows Explorer, it seems to hang. As I type this I had clicked on another folder and it is hanging. I will wait awhile and see if anything happens.
0
 

Author Comment

by:mmed810132
Comment Utility
OK, I finally have time to finish this up. After all of the gyrations and machinations in setting this up, it turns out the Princess had previously asked the boss about keeping her folders/files private and he said no, those files are not private. So she does an end-around and goes to the son (the wuss) and he says OK to keep her from bothering him.

I ran dfsutils /purgemupcache and then rebooted the server and all of the error messages went away and things were back to normal. I restored her user folder from a tape backup and her files are back to where they were before this fiasco started and Windows Explorer isn't hanging.

Thanks to all that chimed in on this and gave me an education.
0
 

Author Closing Comment

by:mmed810132
Comment Utility
A lot was learned from the expert's advise and using what they have written I will now be able to go to the powers that be here and suggest once again re-doing the file structure we have on our server.

This is a great site and I am extremely glad I signed up for it. Just being able to search the knowledge base here will be a BIG help in the future

I just wish I could award more points to the experts who responded - the knowledge gained is valuable beyond words!
0
 
LVL 26

Expert Comment

by:pony10us
Comment Utility
So glad we were able to help and thank you for the points.  :)
0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

Many of us in IT utilize a combination of roaming profiles and folder redirection to ensure user information carries over from one workstation to another; in my environment, it was to enable virtualization without needing a separate desktop for each…
Resolve DNS query failed errors for Exchange
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now