Folder / Subfolder Permissions Issues

Hello,

I'm having issues setting permissions for one of my clients. They have a large folder with over 2000 client subfolders.

They want everyone to see the folders, only specific users to create new folders, but all subfolders should be able to be edited.

For example:

M:/Clients/TestClient/2007/
M:/Clients/TestClient/2008/
M:/Clients/TestClient/2009/

Our users should not be able to create a folder directly under the "clients" folder but SHOULD be able create the next 2010 subfolder. A seperate group of users should be able to create additional client folders. Is this possible?
qualityipAsked:
Who is Participating?
 
Kent DyerConnect With a Mentor IT Security Analyst SeniorCommented:
Look at the use of CACLS then..

http://ss64.com/nt/cacls.html

Read carefully the Examples and there are examples for Read-only, Write, etc.

HTH,

Kent
0
 
Kent DyerIT Security Analyst SeniorCommented:
is each client or rather each client's login a number like the 2007 shown above?

Then, if that is the case, you will need to use a combination of DIR, FOR..IN..DO with XCALC to apply the perms you need..

Something like..

http://www.robvanderwoude.com/forshare.php

I think this what you are looking for..

Two things to keep in mind..
%%A the A is case-sensitive
%% is necessary in Batch Script..  From a command-line, you will want to use: %..


HTH,

Kent
0
 
qualityipAuthor Commented:
No,  the "TestClient" folder would be our customer. All of our users need to see this folder. The problem is that our users keep creating bad customer folders.

We want our users to be able to see and edit the data and create folders within the subfolders but not create new customer folders on the top level.
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 
qualityipAuthor Commented:
I figured it out! First I applied the permissions to all child objects then removed inheritance and changed the first level.
0
 
qualityipAuthor Commented:
Okay, maybe not. The folder permissions are correct but all of the documents and data there is read-only.
0
 
David Johnson, CD, MVPOwnerCommented:
If you follow this video it will be exactly as you want

icacls clients output
clients
        WIN7VMWARE1\Standard User:(OI)(CI)(RX)
        BUILTIN\Administrators:(OI)(CI)(F)
        NT AUTHORITY\SYSTEM:(OI)(CI)(F)
Successfully processed 1 files; Failed processing 0 files
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.