Link to home
Start Free TrialLog in
Avatar of jimcallan
jimcallan

asked on

Server 2008 - Enforcing read only on folders

In our second level school we have a Server 2008 with Active Directory where students are organised into 6 organisational units based on year of enrollment. They have access, in My Computer,  to their home folder and also to an Assignments folder. Teachers also have access to the Assignments folder. I want to ensure students have read only access to the Assignments while Teachers have read/write/create.
At the moment students can delete folder/files which is a pain.
Avatar of Ganpar
Ganpar
Flag of India image

"At the moment students can delete folder/files which is a pain." For which folder you want this please elaborate
Try using "deny" instead of "grant"
Avatar of jimcallan
jimcallan

ASKER

Folowing on from Orbis post above I have just realised that students are members of the administrators group so I have denied that group all except Read. I will check tomorrow and see if that works.
Nope - that did not work
ASKER CERTIFIED SOLUTION
Avatar of Ganpar
Ganpar
Flag of India image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
If I drag and drop all student org units into a security group can I then deny write access to the sec group - would that work?
If I drap and drop all student org units into a security group and then deny write to the security grp - would that work?
If I drap & drop all student org units into a security group and deny write to the sec grp would that work?
You must add all student object into security group. Well deny takes precedence on allow so it will work.