Solved

How do I make 1 users folder, it's subfolders and files read only but visible to all?

Posted on 2010-08-30
18
342 Views
Last Modified: 2012-05-10
We have a user who wants to make her User folder and it's sub-folders and files visible to all but they can only open, read and print files. She does not want to have anyone making changes to her files, copying, moving or deleting them.

The files and folders reside on a Windows 2003 Small Business R2 server. The file structure is set up as follows:

F:\
    \Folder
    \Folder
    \Folder
    \Users
          \User1
          \User2
          \User wanting Read only
               \Folder A
               \Folder B
               \Folder C
               A bunch of individual files in the root of her user folder

Is there a way I can make all of her folders visible to all, but read only to all as well? Currently, all users have full rights to her folders and files.

Thanks in advance for any help,

Mike
 
0
Comment
Question by:mmed810132
  • 7
  • 5
  • 3
  • +2
18 Comments
 
LVL 95

Accepted Solution

by:
Lee W, MVP earned 250 total points
ID: 33561909
Add the "Domain Users" group to the "User wanting Read only" and set the NTFS permissions to Read Only for that group.

(Properties of the top-level folder, select the Security tab).
0
 
LVL 8

Expert Comment

by:Emptyone
ID: 33562456
You will have to remove inheritance, choose to copy the settings that are there today. If not the other users will still be in there if they have access to the folders over. And then configure them to how you want it. The owner of the folder should have full access, and then use domain users as leew wrote or use authenticated users, and give that group read-only
0
 
LVL 1

Assisted Solution

by:eric27
eric27 earned 84 total points
ID: 33562644
You cannot do what you want at alll, once a user has reading-permission for a file-object, they can also copy the file or read the content and use copy/paste to get the content somewhere else.

Apart from that & my personal opinion: a bad idea.
User-folders should be for one user only. All other files are 'group-files' have their own folder with the correct NTFS permissions.


0
 
LVL 8

Expert Comment

by:Emptyone
ID: 33562689
eric27 is right, I missed the part about copying. And as he said, you can't stop that with just NTFS/share permissions.
0
 
LVL 26

Assisted Solution

by:pony10us
pony10us earned 166 total points
ID: 33562709
I agree with eric in that a user's folder is supposed to be private to that user. Shared files should be in a shared location. Once you give the access that you are describing the user can no longer store private documents in their folder. For example, user is a supervisor and has to do reviews.

Also, eric is correct that users could open a file and make modifications to it and save it somewhere else however they would not be able to alter the original if the folder is read only to autheniticated users (or domain users if you chose) so the original would not be altered.

Having said all that, the answer to your question would be leew's.   :)
0
 
LVL 95

Assisted Solution

by:Lee W, MVP
Lee W, MVP earned 250 total points
ID: 33563388
> She does not want to have anyone .. copying ... them.

I missed that one word - As has been stated by others, if you can read a file, it can be copied - if you can read a book, it can be copied - by hand, by photo, by photocopy, etc. A file is no different.  If that's a requirement then the answer is a simple you cannot do that effectively.

HOWEVER, if you can make it more difficult by using Rights Management software - pictures of the screen and hand-copying can still occur, but electronic copies, with proper rights management, MAY prevent electronic copying when implemented appropriately.  
For more information, see: http://en.wikipedia.org/wiki/Rights_Management_Services
0
 

Author Comment

by:mmed810132
ID: 33571158
Sorry for the late reply to all of you.

First, I want to thank all of you for your responses. The one's I actually like the best is that if someone can read a file they can copy it and print it. I knew this beforehand, but having you experts reply as such gave me the ammo to go back to the boss's son (who authorized this) and show him what a waste of time this is.

This is actually a case of closing the barn door after the horses got out. This girl feels that since she typed up the documents, they should be left in her user folder and nobody should be able to modify them. I had made a folder called "Shared' for all documents to stored in that weren't confidential. Another co-worker needed access to some of the training files that were done by the aforementioned "Princess", and so we copied these files to the Shared folder where they should be. This is what upset the Princess, so she whined to the boss's son and being the wuss that he is, he capitulated.

I have to go now - I will report back as soon as I can sneak a few moments.

Again, thanks to all.
0
 
LVL 26

Assisted Solution

by:pony10us
pony10us earned 166 total points
ID: 33571408
Oh that sounds way to familiar a scenario.   LOL

There is one option that MIGHT accomplish what you are after.  The author (princess) could password protect the documents against editing. This is easy to do with Microsoft office products like Word and Excel.  The caution that needs to be made here is that if for some reason the author is not around any longer you can't even delete the file without having the password.

This does not prevent copying but unless someone has a password cracking/recovery program they are not able to edit it. Those programs are available all over the internet for a reasonable price so it isn't a very good failsafe option but it is an option.
0
 

Author Comment

by:mmed810132
ID: 33572132
OK, I got to sneak back here.

Well, now it seems that when I set everything back to full access for everyone (yes, I know, not recommended, but you have to experience this place to understand!), some of the Princess's files open and some give the "cannot open document: user does not have access privileges" message. This seems to happen randomly - some Word & Excel files open and some get the preceding message.

Is this a common occurrence or am I just getting lucky?
 
0
Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

 
LVL 95

Expert Comment

by:Lee W, MVP
ID: 33572181
They may have altered permissions thinking they knew what they were doing.  As the admin, you should be able to reset the permissions (make sure you check the check box in the advanced settings to apply to all sub folders and files).  If you've been locked out of the files, you may need to take ownership of everything and then reset everything (taking ownership will alter Quota info if you use Quotas!)
0
 

Author Comment

by:mmed810132
ID: 33572281
@leew,

Is that the second check box in the Advanced Security Settings (Replace permission settings on all child objects with entries shown here that apply to child objects)?

Sorry for my Newbie-ness, but I'm kind of learning on the fly.
0
 
LVL 95

Expert Comment

by:Lee W, MVP
ID: 33572309
Yes
0
 

Author Comment

by:mmed810132
ID: 33590691
Well, somehow I managed to screw things up here. Now when I try to get into her folder from the server, nothing comes up and Windows Explorer freezes. At least I can close it through Task Manager.

A look at the Event Viewer Application log shows Event ID 1030 and 1058. I am now going to Google these events and see if I've totally hosed her folder. In case I have, would restoring from a tape backup solve the issue of some folders/files opening while others don't?
0
 
LVL 95

Assisted Solution

by:Lee W, MVP
Lee W, MVP earned 250 total points
ID: 33590728
In theory yes, a tape restore should restore the files and permissions...

What did you do?  Simply taking ownership and applying permissions shouldn't be causing problems - (It can "hang" explorer when there are  MANY files to process... but give it time, it comes back...
0
 

Author Comment

by:mmed810132
ID: 33591371
@leew,

I did not take ownership of her folder & files. When I tried to do so, that is when the system hung.
It seems now when I tryto right-click on any folders in Windows Explorer, it seems to hang. As I type this I had clicked on another folder and it is hanging. I will wait awhile and see if anything happens.
0
 

Author Comment

by:mmed810132
ID: 33673839
OK, I finally have time to finish this up. After all of the gyrations and machinations in setting this up, it turns out the Princess had previously asked the boss about keeping her folders/files private and he said no, those files are not private. So she does an end-around and goes to the son (the wuss) and he says OK to keep her from bothering him.

I ran dfsutils /purgemupcache and then rebooted the server and all of the error messages went away and things were back to normal. I restored her user folder from a tape backup and her files are back to where they were before this fiasco started and Windows Explorer isn't hanging.

Thanks to all that chimed in on this and gave me an education.
0
 

Author Closing Comment

by:mmed810132
ID: 33674258
A lot was learned from the expert's advise and using what they have written I will now be able to go to the powers that be here and suggest once again re-doing the file structure we have on our server.

This is a great site and I am extremely glad I signed up for it. Just being able to search the knowledge base here will be a BIG help in the future

I just wish I could award more points to the experts who responded - the knowledge gained is valuable beyond words!
0
 
LVL 26

Expert Comment

by:pony10us
ID: 33674324
So glad we were able to help and thank you for the points.  :)
0

Featured Post

New My Cloud Pro Series - organize everything!

With space to keep virtually everything, the My Cloud Pro Series offers your team the network storage to edit, save and share production files from anywhere with an internet connection. Compatible with both Mac and PC, you're able to protect your content regardless of OS.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article is in response to a question (http://www.experts-exchange.com/Networking/Network_Management/Network_Analysis/Q_28230497.html) here at Experts Exchange. The Original Poster (OP) requires a utility that will accept a list of IP addresses …
Resolve DNS query failed errors for Exchange
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
Hi friends,  in this video  I'll show you how new windows 10 user can learn the using of windows 10. Thank you.

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now