jimcallan
asked on
Server 2008 - Enforcing read only on folders
In our second level school we have a Server 2008 with Active Directory where students are organised into 6 organisational units based on year of enrollment. They have access, in My Computer, to their home folder and also to an Assignments folder. Teachers also have access to the Assignments folder. I want to ensure students have read only access to the Assignments while Teachers have read/write/create.
At the moment students can delete folder/files which is a pain.
At the moment students can delete folder/files which is a pain.
"At the moment students can delete folder/files which is a pain." For which folder you want this please elaborate
Try using "deny" instead of "grant"
ASKER
Folowing on from Orbis post above I have just realised that students are members of the administrators group so I have denied that group all except Read. I will check tomorrow and see if that works.
ASKER
Nope - that did not work
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
If I drag and drop all student org units into a security group can I then deny write access to the sec group - would that work?
ASKER
If I drap and drop all student org units into a security group and then deny write to the security grp - would that work?
ASKER
If I drap & drop all student org units into a security group and deny write to the sec grp would that work?
You must add all student object into security group. Well deny takes precedence on allow so it will work.