Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 349
  • Last Modified:

How do I make 1 users folder, it's subfolders and files read only but visible to all?

We have a user who wants to make her User folder and it's sub-folders and files visible to all but they can only open, read and print files. She does not want to have anyone making changes to her files, copying, moving or deleting them.

The files and folders reside on a Windows 2003 Small Business R2 server. The file structure is set up as follows:

F:\
    \Folder
    \Folder
    \Folder
    \Users
          \User1
          \User2
          \User wanting Read only
               \Folder A
               \Folder B
               \Folder C
               A bunch of individual files in the root of her user folder

Is there a way I can make all of her folders visible to all, but read only to all as well? Currently, all users have full rights to her folders and files.

Thanks in advance for any help,

Mike
 
0
mmed810132
Asked:
mmed810132
  • 7
  • 5
  • 3
  • +2
6 Solutions
 
Lee W, MVPTechnology and Business Process AdvisorCommented:
Add the "Domain Users" group to the "User wanting Read only" and set the NTFS permissions to Read Only for that group.

(Properties of the top-level folder, select the Security tab).
0
 
EmptyoneCommented:
You will have to remove inheritance, choose to copy the settings that are there today. If not the other users will still be in there if they have access to the folders over. And then configure them to how you want it. The owner of the folder should have full access, and then use domain users as leew wrote or use authenticated users, and give that group read-only
0
 
eric27Commented:
You cannot do what you want at alll, once a user has reading-permission for a file-object, they can also copy the file or read the content and use copy/paste to get the content somewhere else.

Apart from that & my personal opinion: a bad idea.
User-folders should be for one user only. All other files are 'group-files' have their own folder with the correct NTFS permissions.


0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
EmptyoneCommented:
eric27 is right, I missed the part about copying. And as he said, you can't stop that with just NTFS/share permissions.
0
 
pony10usCommented:
I agree with eric in that a user's folder is supposed to be private to that user. Shared files should be in a shared location. Once you give the access that you are describing the user can no longer store private documents in their folder. For example, user is a supervisor and has to do reviews.

Also, eric is correct that users could open a file and make modifications to it and save it somewhere else however they would not be able to alter the original if the folder is read only to autheniticated users (or domain users if you chose) so the original would not be altered.

Having said all that, the answer to your question would be leew's.   :)
0
 
Lee W, MVPTechnology and Business Process AdvisorCommented:
> She does not want to have anyone .. copying ... them.

I missed that one word - As has been stated by others, if you can read a file, it can be copied - if you can read a book, it can be copied - by hand, by photo, by photocopy, etc. A file is no different.  If that's a requirement then the answer is a simple you cannot do that effectively.

HOWEVER, if you can make it more difficult by using Rights Management software - pictures of the screen and hand-copying can still occur, but electronic copies, with proper rights management, MAY prevent electronic copying when implemented appropriately.  
For more information, see: http://en.wikipedia.org/wiki/Rights_Management_Services
0
 
mmed810132Author Commented:
Sorry for the late reply to all of you.

First, I want to thank all of you for your responses. The one's I actually like the best is that if someone can read a file they can copy it and print it. I knew this beforehand, but having you experts reply as such gave me the ammo to go back to the boss's son (who authorized this) and show him what a waste of time this is.

This is actually a case of closing the barn door after the horses got out. This girl feels that since she typed up the documents, they should be left in her user folder and nobody should be able to modify them. I had made a folder called "Shared' for all documents to stored in that weren't confidential. Another co-worker needed access to some of the training files that were done by the aforementioned "Princess", and so we copied these files to the Shared folder where they should be. This is what upset the Princess, so she whined to the boss's son and being the wuss that he is, he capitulated.

I have to go now - I will report back as soon as I can sneak a few moments.

Again, thanks to all.
0
 
pony10usCommented:
Oh that sounds way to familiar a scenario.   LOL

There is one option that MIGHT accomplish what you are after.  The author (princess) could password protect the documents against editing. This is easy to do with Microsoft office products like Word and Excel.  The caution that needs to be made here is that if for some reason the author is not around any longer you can't even delete the file without having the password.

This does not prevent copying but unless someone has a password cracking/recovery program they are not able to edit it. Those programs are available all over the internet for a reasonable price so it isn't a very good failsafe option but it is an option.
0
 
mmed810132Author Commented:
OK, I got to sneak back here.

Well, now it seems that when I set everything back to full access for everyone (yes, I know, not recommended, but you have to experience this place to understand!), some of the Princess's files open and some give the "cannot open document: user does not have access privileges" message. This seems to happen randomly - some Word & Excel files open and some get the preceding message.

Is this a common occurrence or am I just getting lucky?
 
0
 
Lee W, MVPTechnology and Business Process AdvisorCommented:
They may have altered permissions thinking they knew what they were doing.  As the admin, you should be able to reset the permissions (make sure you check the check box in the advanced settings to apply to all sub folders and files).  If you've been locked out of the files, you may need to take ownership of everything and then reset everything (taking ownership will alter Quota info if you use Quotas!)
0
 
mmed810132Author Commented:
@leew,

Is that the second check box in the Advanced Security Settings (Replace permission settings on all child objects with entries shown here that apply to child objects)?

Sorry for my Newbie-ness, but I'm kind of learning on the fly.
0
 
Lee W, MVPTechnology and Business Process AdvisorCommented:
Yes
0
 
mmed810132Author Commented:
Well, somehow I managed to screw things up here. Now when I try to get into her folder from the server, nothing comes up and Windows Explorer freezes. At least I can close it through Task Manager.

A look at the Event Viewer Application log shows Event ID 1030 and 1058. I am now going to Google these events and see if I've totally hosed her folder. In case I have, would restoring from a tape backup solve the issue of some folders/files opening while others don't?
0
 
Lee W, MVPTechnology and Business Process AdvisorCommented:
In theory yes, a tape restore should restore the files and permissions...

What did you do?  Simply taking ownership and applying permissions shouldn't be causing problems - (It can "hang" explorer when there are  MANY files to process... but give it time, it comes back...
0
 
mmed810132Author Commented:
@leew,

I did not take ownership of her folder & files. When I tried to do so, that is when the system hung.
It seems now when I tryto right-click on any folders in Windows Explorer, it seems to hang. As I type this I had clicked on another folder and it is hanging. I will wait awhile and see if anything happens.
0
 
mmed810132Author Commented:
OK, I finally have time to finish this up. After all of the gyrations and machinations in setting this up, it turns out the Princess had previously asked the boss about keeping her folders/files private and he said no, those files are not private. So she does an end-around and goes to the son (the wuss) and he says OK to keep her from bothering him.

I ran dfsutils /purgemupcache and then rebooted the server and all of the error messages went away and things were back to normal. I restored her user folder from a tape backup and her files are back to where they were before this fiasco started and Windows Explorer isn't hanging.

Thanks to all that chimed in on this and gave me an education.
0
 
mmed810132Author Commented:
A lot was learned from the expert's advise and using what they have written I will now be able to go to the powers that be here and suggest once again re-doing the file structure we have on our server.

This is a great site and I am extremely glad I signed up for it. Just being able to search the knowledge base here will be a BIG help in the future

I just wish I could award more points to the experts who responded - the knowledge gained is valuable beyond words!
0
 
pony10usCommented:
So glad we were able to help and thank you for the points.  :)
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

  • 7
  • 5
  • 3
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now