Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win


NTFS Permissions Question

Posted on 2013-01-08
Medium Priority
Last Modified: 2013-01-16

I have a client that wants to have a shared folder on a Windows 2003 server with special permissions. He wants all users to be able to see the contents of this folder, and to be able to create and save documents to this folder. However, he only wants the document creator to be able to make changes to said document, and all other users to have read only access. Basically, he wants it so that only the creator of the document can make changes to that document, and everyone else can only modify documents they have created themselves.

Is this something that can be done? I have played around with the permissions and have had no luck. It seems that the only way to do this would be to modify permissions on each document and define a document owner every time a new document is created. This would be a huge hassle. If anyone has any suggestions or an answer to this question it would be greatly appreciated. Thank you!
Question by:timinoldsmar
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
LVL 10

Expert Comment

ID: 38756846
What type of documents?
LVL 59

Assisted Solution

by:Cliff Galiher
Cliff Galiher earned 1000 total points
ID: 38756854
Yes, I believe you can do this, but you'll want to test lab it first.

Remove any write/modify permissions from any users groups and disable inheritance on the folder in question.

Now, all of the following will need to be done from the "advanced" section of the security settings. Add a new permission and set the group to the group(s) of users you want to have permissions to create new files. Set the inheritance to "this folder and subfolders." Give them the "create files/write data" permissions, as well as the various read permissions. This will allow the users to create new files without problem and whoever creates the file will be considered the "owner." The inheritance of "folder and subfolders" will *prevent* this group from getting write permissions to any files though.

Second, add a new permission for the user "Creator Owner." Set the inheritance to "folders, subfolders, and files." And then give that the permissions to all of the various write permissions. This will allow the owner to modify their own files as the inheritance will carry down all the way to the file level, including newly created files.

Good luck.

LVL 70

Expert Comment

ID: 38757248
What are the documents ?

Recent versions of Microsoft Office have the ability to protect documents and restrict editing - this may do what you want

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.


Author Comment

ID: 38767484
Thanks for the answers. I am going to test out cgaliher's solution because I don't know what type of documents they will be creating. It could be anything from WordPerfect to Word to Excel to OpenOffice.

Author Comment

ID: 38767719

Your solution is good, but here is the problem. Only the creators of the files can see them and modify them. I need all the users to be able to open the files, but not make any changes. With your solution, the permissions on any new files get set so that only the creator of the file can open it and edit it. Is there a way to do this where other users can also open the files but be restricted from modifying them?
LVL 59

Accepted Solution

Cliff Galiher earned 1000 total points
ID: 38768462
Sure. Add a third advanced permission. The group is all the users you want to have read access. The inheritance is folders. Subfolders. And files. And the permissions are the read permissions.

Again, inheritance will kick in for newly created files and permissions are cumulative. Should mean that new files get read permissions for all users and modify permissions for just the creator owner.

Author Comment

ID: 38784222

That worked. I had to play around the permissions a little on CREATOR OWNER and was able to get the results I was pushing for when I just gave them full permission. Now when someone creates a file, they can do whatever they want to it, and other users can only read it. Your last post with the suggestion to add another advanced permission for my group with only read access is what really got things going though. I have accepted your solution. Thank you!

Featured Post

[Webinar] Lessons on Recovering from Petya

Skyport is working hard to help customers recover from recent attacks, like the Petya worm. This work has brought to light some important lessons. New malware attacks like this can take down your entire environment. Learn from others mistakes on how to prevent Petya like worms.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Originally, this post was published on Monitis Blog, you can check it here . It goes without saying that technology has transformed society and the very nature of how we live, work, and communicate in ways that would’ve been incomprehensible 5 ye…
This program is used to assist in finding and resolving common problems with wireless connections.
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…
Suggested Courses

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question