User permissions on an NTFS Share
One of the shares we have on the Win 2008 server needs special user permissions. The administrative group has full permissions to create, update and delete. This is working. The user group needs access to create a new document on the share, but not be able to update any document on the share.
I've looked at the NTFS permissions and don't see this option.
I've looked at the NTFS permissions and don't see this option.
Vinchenzo-the-Second
You can't do this. They need modify permission to do this or create files / write data special permission.
Are you asking about NTFS permission or Share permission...
YOu dont have advanced options availed for shared permission, however you can do it in NTFS folder permission
Note that Overall permission will be cumilative of Shared and NTFS
YOu dont have advanced options availed for shared permission, however you can do it in NTFS folder permission
Note that Overall permission will be cumilative of Shared and NTFS
For files that are already there you can remove access for other users and remove inheritance on the proterties and advance tab.
You then give the user to create new files but they won't be able to access the other files.
Or you can create a folder and remove access for other users and give access to that user only.
You then give the user to create new files but they won't be able to access the other files.
Or you can create a folder and remove access for other users and give access to that user only.
Setting up the folder as a Drop Folder may meet your requirements:
Drop folder. A folder where users can drop confidential reports or homework assignments that only the group manager or instructor can read.
Grant Change permission to the Users group.
Grant Full Control permission to the group manager.
Grant Write permission for the Users group that is applied to This Folder only. (This is an option available on the Advanced page.)
If each user needs to have certain permissions to the files that he or she dropped, you can create a permission entry for the Creator Owner well-known security identifier (SID) and apply it to Subfolder and files only. For example, you can grant the Read and Write permission to the Creator Owner SID on the drop folder and apply it to all subfolders and files. This grants the user who dropped or created the file (the Creator Owner) the ability to read and write to the file. The Creator Owner can then access the file through the Run command by using \\ServerName\DropFolder\Fi
Grant Full Control permission to the group manager.
From MS Technet:
http://technet.microsoft.com/en-us/library/cc754178.aspx
Drop folder. A folder where users can drop confidential reports or homework assignments that only the group manager or instructor can read.
Grant Change permission to the Users group.
Grant Full Control permission to the group manager.
Grant Write permission for the Users group that is applied to This Folder only. (This is an option available on the Advanced page.)
If each user needs to have certain permissions to the files that he or she dropped, you can create a permission entry for the Creator Owner well-known security identifier (SID) and apply it to Subfolder and files only. For example, you can grant the Read and Write permission to the Creator Owner SID on the drop folder and apply it to all subfolders and files. This grants the user who dropped or created the file (the Creator Owner) the ability to read and write to the file. The Creator Owner can then access the file through the Run command by using \\ServerName\DropFolder\Fi
Grant Full Control permission to the group manager.
From MS Technet:
http://technet.microsoft.com/en-us/library/cc754178.aspx
ASKER
Again: users should be able to creat a folder and save a new file to it, but no update to that file or any other file in that share.
Please provide a detailed description of the procedure to do this.
Please provide a detailed description of the procedure to do this.
I'm not using a English OS, so the word / proper noun maybe not match the orignal words.
If I have a English OS, I can post a screen shots. :-(
Please remove all NTFS inherited ACLs of the folder, then add the user, and click [advance], to set ACLs as below:
Full Control not check
List folder/Execute file Allow
List Folder/Read Data Allow
Read Attribute Allow
Read Extrend Attribute Allow
Create file/write data Allow
Create folder/Append Data Allow
Write Attribute Allow
Write Extend Attribute Deny
Delete file/folders Allow
Delete Allow
Read Rights Allow
Change(or Modify) Allow
Apply this settings to this folder and sub-folder and files.
If I have a English OS, I can post a screen shots. :-(
Please remove all NTFS inherited ACLs of the folder, then add the user, and click [advance], to set ACLs as below:
Full Control not check
List folder/Execute file Allow
List Folder/Read Data Allow
Read Attribute Allow
Read Extrend Attribute Allow
Create file/write data Allow
Create folder/Append Data Allow
Write Attribute Allow
Write Extend Attribute Deny
Delete file/folders Allow
Delete Allow
Read Rights Allow
Change(or Modify) Allow
Apply this settings to this folder and sub-folder and files.
ASKER
I've tried this, but when it applies, I get Access Denied messages. I've also gone in and tried applying ownership of the entire share to the administrator but I receive the same error.
How can I resolve this?
How can I resolve this?
ASKER
I restarted the server and tried reapplying the updates but I receive Access Denied on many files. What could cause this? i'm logged in as the domain administrator.
If you(Administrator) also wanto access these files, please add the user and grant the user some rights.
e.g. Please add & give the Administrators full control rights.
e.g. Please add & give the Administrators full control rights.
ASKER
I just performed that. I selected administrator@mydomain.com
How do I get full access so I can apply the rights properly?
How do I get full access so I can apply the rights properly?
You can take the ownership of the folder first.
Please create a new folder to test ACLs before you really apply to the destination folder.
I'm afraid you not familiar with NTFS ACLs so maybe do some misoperation.
If you want to restore the old NTFS ACLs, please re-inherited the ALCs from the parent folder.
Please create a new folder to test ACLs before you really apply to the destination folder.
I'm afraid you not familiar with NTFS ACLs so maybe do some misoperation.
If you want to restore the old NTFS ACLs, please re-inherited the ALCs from the parent folder.
ASKER
While logged on as the domain administrator, I've tried taking ownership of specific folders and it says I don't have security. How do I resolve this issue?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.