• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 215
  • Last Modified:

Set Folder permission

I had tried several times base on the existing same topics in the forum, but I still unable to get it done. I wanted to create a 'TEST' folder. Inside test folder there are 'A' folder and 'B' folder.
Everyone should be able to create folder/file in 'TEST' folder. 'A' folder can read/write by userA, other people can only read from 'A' folder. UserB can only access/change in folder 'B', he should not goto folder 'A'.
Pls advise me how to do this, I am confuse after some testing.
1 Solution
Casey WeaverNetwork EngineerCommented:
Create the TEST folder. Under Security add the account group that includes all the users you want to be able to have control (such as Domain Users) or just use Everyone (not as secure). Give them all the permissions except Modify (unless you want them to be able to delete). Create folder A. Assign the user to the folder and give them the permissions (such as full control or whatever you like), then add the Everyone Group (or Domain Users, whatever your setup may be), and just tick the Read permission box (or Read and Execute if there's programs inside). Add User B, and then select the Deny box for them to be able to read/list. Go into advanced permissions and uncheck inherit permissions. Do the same when setting up User B's folder.

A quick way if your working in a home environment is to add the "UserA" and "UserB" to the "Test" folder with read permissions.

Select the sub folder A and remove all but administrator(s) and add UserA with read/write and administrators with Full Control. Remove all others. Highlight USERA and Administrators after selecting correct permissions and click apply.  Rinse and repeat for Sub Folder B and UserB.

As for a network environment you might consider using security groups. The same proceess only your creating a Global Security Group and adding users to the group. The group is then applied to the Folders in the same fashion. As an example you would have 3 Security groups A top level group named TEST. Inside group TEST would be two security groups Group_A and Group_B. Inside Group_A and Group_B would be User_A and User_B in their respective groups. As a recommendation I would add an administrator(s) group to all three security groups also.

Apply the group TEST in the same fashion as above with read permissions. Then on to the sub folders where you apply only the proper Security Group Group_A or Group_B to Sub Folder A and Sub Folder B. Make sure to highlight or select the groups in the dialog box after selecting permissions and before clicking apply.

A user that has been individually applied permissions in an incorrect way in an Enterprise environment can potentially be given permissions not intended. And as a result may have access to folders not intended for them to view. Microsoft best practice is to use Security Groups. I know it's a bit of information.


Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now