NTFS Permissions Question

Posted on 2013-01-08
Medium Priority
Last Modified: 2013-01-16

I have a client that wants to have a shared folder on a Windows 2003 server with special permissions. He wants all users to be able to see the contents of this folder, and to be able to create and save documents to this folder. However, he only wants the document creator to be able to make changes to said document, and all other users to have read only access. Basically, he wants it so that only the creator of the document can make changes to that document, and everyone else can only modify documents they have created themselves.

Is this something that can be done? I have played around with the permissions and have had no luck. It seems that the only way to do this would be to modify permissions on each document and define a document owner every time a new document is created. This would be a huge hassle. If anyone has any suggestions or an answer to this question it would be greatly appreciated. Thank you!
Question by:timinoldsmar
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
LVL 10

Expert Comment

ID: 38756846
What type of documents?
LVL 59

Assisted Solution

by:Cliff Galiher
Cliff Galiher earned 1000 total points
ID: 38756854
Yes, I believe you can do this, but you'll want to test lab it first.

Remove any write/modify permissions from any users groups and disable inheritance on the folder in question.

Now, all of the following will need to be done from the "advanced" section of the security settings. Add a new permission and set the group to the group(s) of users you want to have permissions to create new files. Set the inheritance to "this folder and subfolders." Give them the "create files/write data" permissions, as well as the various read permissions. This will allow the users to create new files without problem and whoever creates the file will be considered the "owner." The inheritance of "folder and subfolders" will *prevent* this group from getting write permissions to any files though.

Second, add a new permission for the user "Creator Owner." Set the inheritance to "folders, subfolders, and files." And then give that the permissions to all of the various write permissions. This will allow the owner to modify their own files as the inheritance will carry down all the way to the file level, including newly created files.

Good luck.

LVL 70

Expert Comment

ID: 38757248
What are the documents ?

Recent versions of Microsoft Office have the ability to protect documents and restrict editing - this may do what you want

Percona Live Europe 2017 | Sep 25 - 27, 2017

The Percona Live Open Source Database Conference Europe 2017 is the premier event for the diverse and active European open source database community, as well as businesses that develop and use open source database software.


Author Comment

ID: 38767484
Thanks for the answers. I am going to test out cgaliher's solution because I don't know what type of documents they will be creating. It could be anything from WordPerfect to Word to Excel to OpenOffice.

Author Comment

ID: 38767719

Your solution is good, but here is the problem. Only the creators of the files can see them and modify them. I need all the users to be able to open the files, but not make any changes. With your solution, the permissions on any new files get set so that only the creator of the file can open it and edit it. Is there a way to do this where other users can also open the files but be restricted from modifying them?
LVL 59

Accepted Solution

Cliff Galiher earned 1000 total points
ID: 38768462
Sure. Add a third advanced permission. The group is all the users you want to have read access. The inheritance is folders. Subfolders. And files. And the permissions are the read permissions.

Again, inheritance will kick in for newly created files and permissions are cumulative. Should mean that new files get read permissions for all users and modify permissions for just the creator owner.

Author Comment

ID: 38784222

That worked. I had to play around the permissions a little on CREATOR OWNER and was able to get the results I was pushing for when I just gave them full permission. Now when someone creates a file, they can do whatever they want to it, and other users can only read it. Your last post with the suggestion to add another advanced permission for my group with only read access is what really got things going though. I have accepted your solution. Thank you!

Featured Post


Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
This article will inform Clients about common and important expectations from the freelancers (Experts) who are looking at your Gig.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
Suggested Courses

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question