?
Solved

User permissions on an NTFS Share

Posted on 2011-04-28
13
Medium Priority
?
700 Views
Last Modified: 2012-05-11
One of the shares we have on the Win 2008 server needs special user permissions. The administrative group has full permissions to create, update and delete. This is working. The user group needs access to create a new document on the share, but not be able to update any document on the share.

I've looked at the NTFS permissions and don't see this option.
0
Comment
Question by:Tony Giangreco
13 Comments
 
LVL 14

Expert Comment

by:Vinchenzo-the-Second
ID: 35483537
You can't do this.  They need modify permission to do this or create files / write data special permission.
0
 
LVL 6

Expert Comment

by:Vipin Vasudevan
ID: 35483558
Are you asking about NTFS permission or Share permission...

YOu dont have advanced options availed for shared permission, however you can do it in NTFS folder permission

Note that Overall permission will be cumilative of Shared and NTFS  
0
 
LVL 17

Expert Comment

by:Sikhumbuzo Ntsada
ID: 35483606
For files that are already there you can remove access for other users and remove inheritance on the proterties and advance tab.

You then give the user to create new files but they won't be able to access the other files.

Or you can create a folder and remove access for other users and give access to that user only.
0
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

 
LVL 27

Expert Comment

by:michko
ID: 35483694
Setting up the folder as a Drop Folder may meet your requirements:

Drop folder. A folder where users can drop confidential reports or homework assignments that only the group manager or instructor can read.
Grant Change permission to the Users group.
Grant Full Control permission to the group manager.
Grant Write permission for the Users group that is applied to This Folder only. (This is an option available on the Advanced page.)

If each user needs to have certain permissions to the files that he or she dropped, you can create a permission entry for the Creator Owner well-known security identifier (SID) and apply it to Subfolder and files only. For example, you can grant the Read and Write permission to the Creator Owner SID on the drop folder and apply it to all subfolders and files. This grants the user who dropped or created the file (the Creator Owner) the ability to read and write to the file. The Creator Owner can then access the file through the Run command by using \\ServerName\DropFolder\FileName.

Grant Full Control permission to the group manager.

From MS Technet:
http://technet.microsoft.com/en-us/library/cc754178.aspx

0
 
LVL 25

Author Comment

by:Tony Giangreco
ID: 35483772
Again: users should be able to creat a folder and save a new file to it, but no update to that file or any other file in that share.

Please provide a detailed description of the procedure to do this.
0
 
LVL 7

Expert Comment

by:huacat
ID: 35484450
I'm not using a English OS, so the word / proper noun maybe not match the orignal words.
If I have a English OS, I can post a screen shots. :-(

Please remove all NTFS inherited ACLs of the folder, then add the user, and click [advance], to set ACLs as below:
     Full Control                      not check
     List folder/Execute file    Allow
     List Folder/Read Data      Allow
     Read Attribute                  Allow
     Read Extrend Attribute    Allow
     Create file/write data       Allow
     Create folder/Append Data    Allow
      Write Attribute                 Allow
      Write Extend Attribute     Deny  
      Delete file/folders            Allow
      Delete                              Allow
      Read Rights                     Allow
       Change(or Modify)         Allow

Apply this settings to this folder and sub-folder and files.
0
 
LVL 25

Author Comment

by:Tony Giangreco
ID: 35487388
I've tried this, but when it applies, I get Access Denied messages. I've also gone in and tried applying ownership of the entire share to the administrator but I receive the same error.

How can I resolve this?
0
 
LVL 25

Author Comment

by:Tony Giangreco
ID: 35488430
I restarted the server and tried reapplying the updates but I receive Access Denied on many files. What could cause this? i'm logged in as the domain administrator.
0
 
LVL 7

Expert Comment

by:huacat
ID: 35488465
If you(Administrator) also wanto access these files, please add the user and grant the user some rights.
e.g. Please add & give the Administrators full control rights.
0
 
LVL 25

Author Comment

by:Tony Giangreco
ID: 35488530
I just performed that. I selected administrator@mydomain.com and edited the permissons so everything was selected. Abount three quates through, I started received Access is Denied on about 100 seperate files. Some pdf's, docs. xls...

How do I get full access so I can apply the rights properly?
0
 
LVL 7

Expert Comment

by:huacat
ID: 35488633
You can take the ownership of the folder first.

Please create a new folder to test ACLs before you really apply to the destination folder.
I'm afraid you not familiar with NTFS ACLs so maybe do some misoperation.

If you want to restore the old NTFS ACLs, please re-inherited the ALCs from the parent folder.
0
 
LVL 25

Author Comment

by:Tony Giangreco
ID: 35492404
While logged on as the domain administrator, I've tried taking ownership of specific folders and it says I don't have security. How do I resolve this issue?
0
 
LVL 7

Accepted Solution

by:
huacat earned 2000 total points
ID: 35492617
Currently the who is the ownership?
or
if the folder create by a local administrator, Can you try loggon as local administrator and try it again?

Can you logon as  as normal user, then create a new empty folder, and logout and logon as domain administrator to get ownership of the new folder. If you still get the security error, please check your group policies and other security settings.
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I was prompted to write this article after the recent World-Wide Ransomware outbreak. For years now, System Administrators around the world have used the excuse of "Waiting a Bit" before applying Security Patch Updates. This type of reasoning to me …
Unable to change the program that handles the scan event from a network attached Canon/Brother printer/scanner. This means you'll always have to choose which program handles this action, e.g. ControlCenter4 (in the case of a Brother).
This Micro Tutorial will teach you how to the overview of Microsoft Security Essentials. This is a free anti-virus software that guards your PC against viruses, spyware, worms, and other malicious software. This will be demonstrated using Windows…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

807 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question