We help IT Professionals succeed at work.

Check out our new AWS podcast with Certified Expert, Phil Phillips! Listen to "How to Execute a Seamless AWS Migration" on EE or on your favorite podcast platform. Listen Now


User permissions on an NTFS Share

Medium Priority
Last Modified: 2012-05-11
One of the shares we have on the Win 2008 server needs special user permissions. The administrative group has full permissions to create, update and delete. This is working. The user group needs access to create a new document on the share, but not be able to update any document on the share.

I've looked at the NTFS permissions and don't see this option.
Watch Question

Top Expert 2011

You can't do this.  They need modify permission to do this or create files / write data special permission.
Vipin VasudevanInfrastructure Specialist

Are you asking about NTFS permission or Share permission...

YOu dont have advanced options availed for shared permission, however you can do it in NTFS folder permission

Note that Overall permission will be cumilative of Shared and NTFS  
Sikhumbuzo NtsadaIT Administration

For files that are already there you can remove access for other users and remove inheritance on the proterties and advance tab.

You then give the user to create new files but they won't be able to access the other files.

Or you can create a folder and remove access for other users and give access to that user only.
Top Expert 2007

Setting up the folder as a Drop Folder may meet your requirements:

Drop folder. A folder where users can drop confidential reports or homework assignments that only the group manager or instructor can read.
Grant Change permission to the Users group.
Grant Full Control permission to the group manager.
Grant Write permission for the Users group that is applied to This Folder only. (This is an option available on the Advanced page.)

If each user needs to have certain permissions to the files that he or she dropped, you can create a permission entry for the Creator Owner well-known security identifier (SID) and apply it to Subfolder and files only. For example, you can grant the Read and Write permission to the Creator Owner SID on the drop folder and apply it to all subfolders and files. This grants the user who dropped or created the file (the Creator Owner) the ability to read and write to the file. The Creator Owner can then access the file through the Run command by using \\ServerName\DropFolder\FileName.

Grant Full Control permission to the group manager.

From MS Technet:


Again: users should be able to creat a folder and save a new file to it, but no update to that file or any other file in that share.

Please provide a detailed description of the procedure to do this.

I'm not using a English OS, so the word / proper noun maybe not match the orignal words.
If I have a English OS, I can post a screen shots. :-(

Please remove all NTFS inherited ACLs of the folder, then add the user, and click [advance], to set ACLs as below:
     Full Control                      not check
     List folder/Execute file    Allow
     List Folder/Read Data      Allow
     Read Attribute                  Allow
     Read Extrend Attribute    Allow
     Create file/write data       Allow
     Create folder/Append Data    Allow
      Write Attribute                 Allow
      Write Extend Attribute     Deny  
      Delete file/folders            Allow
      Delete                              Allow
      Read Rights                     Allow
       Change(or Modify)         Allow

Apply this settings to this folder and sub-folder and files.


I've tried this, but when it applies, I get Access Denied messages. I've also gone in and tried applying ownership of the entire share to the administrator but I receive the same error.

How can I resolve this?


I restarted the server and tried reapplying the updates but I receive Access Denied on many files. What could cause this? i'm logged in as the domain administrator.

If you(Administrator) also wanto access these files, please add the user and grant the user some rights.
e.g. Please add & give the Administrators full control rights.


I just performed that. I selected administrator@mydomain.com and edited the permissons so everything was selected. Abount three quates through, I started received Access is Denied on about 100 seperate files. Some pdf's, docs. xls...

How do I get full access so I can apply the rights properly?

You can take the ownership of the folder first.

Please create a new folder to test ACLs before you really apply to the destination folder.
I'm afraid you not familiar with NTFS ACLs so maybe do some misoperation.

If you want to restore the old NTFS ACLs, please re-inherited the ALCs from the parent folder.


While logged on as the domain administrator, I've tried taking ownership of specific folders and it says I don't have security. How do I resolve this issue?
Unlock this solution and get a sample of our free trial.
(No credit card required)
Unlock the solution to this question.
Thanks for using Experts Exchange.

Please provide your email to receive a sample view!

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.


Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.