Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Submissions folder for students: Write but not change or delete

Posted on 2011-02-16
7
Medium Priority
?
749 Views
Last Modified: 2012-05-11
I am looking to create folders for students to be able to save a copy of their work for review by the teacher. I would like them to be able to place a file in that folder but not delete or change that saved file. Additionally I would like to keep them out of each other's submission folders. I would also like to have a map to that folder.

Is there any way to do this? I have already created the folders in a shared folder and assigned the maps using group policy but every time I give them enough rights to be able to read and write to their folders, they can then delete and modify the files. Even if I specifically deny delete I still have the problem. When I give them only write access, it kinda works, but they can't actually navigate to the folder, see the contents, or map the drive. (They can copy a file to the folder and if they try it a second time they get a "folder exists error").

The clients are all windows xp with Group Policy Preference Client Side Extensions installed.

Any help or guidance would be appreciated.
0
Comment
Question by:bismarkbalt
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
7 Comments
 
LVL 3

Accepted Solution

by:
Richard2k4 earned 2000 total points
ID: 34909604
look under the special permissions on those folders.  You can give them read/write but not append.  You can also specify that a user cannot delete.
0
 

Author Comment

by:bismarkbalt
ID: 34910139
Thank you Richard,

I can't play with it till tomorrow morning, but, as an example, for user nmosk3557, shouldn't the /deny in "icacls c:\users\Submissions$\nmosk3557 .....   /deny nmosk3557:(WDAC,WO,D) ...." block the delete?

The deny shows up when you view special permissions, but it does day "This folder only" does that mean if they create a file or folder below this that they will be able to delete?

Is there a way to automate this with icacls so that sub-directories created later will have the same "deletablity"?
0
 
LVL 3

Expert Comment

by:Richard2k4
ID: 34910245
icacls c:\users\Submissions$\nmosk3557 .....   /deny nmosk3557:(AD,WDAC,WO,D)

the AD sets Append Data/Add Subdirectory    I think the append data deny may block changes

I'll have to look it up to confirm



yes.... use /T to hit all directories and files.
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 

Author Comment

by:bismarkbalt
ID: 34910563
Thank you again.
Will check it tom.
Did some more reading, do I need (OI)(CI) also?
eg:
icacls c:\users\Submissions\nmosk3557 /grant:r managers:(OI)(CI)F /grant:r nmosk3557:(OI)(CI)RW /deny nmosk3557:(OI)(CI)(AD,WDAC,WO,D) /remove everyone /t >>c:\results.txt
0
 
LVL 3

Expert Comment

by:Richard2k4
ID: 34911025
I think the /T covers it, but I could be wrong.
0
 

Author Comment

by:bismarkbalt
ID: 34919806
In the end, the following worked:

icacls c:\users\Submissions\sbrom3345 /grant:r administrators:(OI)(CI)RXW /grant:r managers:(OI)(CI)RXW /grant:r sbrom3345:(OI)(CI)RXW /deny sbrom3345:(OI)(CI)(AD,WDAC,WO,D,DC) /remove everyone /t >>c:\results.txt

For some reason, i could not map the drive from group policy with RW and needed RXW before it would show.

Thank you for your help!!!!
0
 

Author Closing Comment

by:bismarkbalt
ID: 34919816
Thanks for you help and attention.
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I was prompted to write this article after the recent World-Wide Ransomware outbreak. For years now, System Administrators around the world have used the excuse of "Waiting a Bit" before applying Security Patch Updates. This type of reasoning to me …
Resolving an irritating Remote Desktop connection that stops your saved credentials from being used.
This tutorial will show how to push an installation of Backup Exec to an additional server in both 2012 and 2014 versions of the software. Click on the Backup Exec button in the upper left corner. From here, select Installation and Licensing, then I…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question