Prevent Mac users from deleting sub-folders on a Windows Share
Hello,
We have recently implemented security on a Windows server that dis-allows users to add, remove or change any files from the top level of the share, but they are able to add, remove or change the contents of sub-folders.
My issue is Mac users are denied access to remove the top-level folders but if they try to delete the top-level folder they are not denied access to the sub-folders. The delete traverses the sub-folders and deletes anything below that top-level if they have access to do so.
Is there a setting in Windows or Mac OS that will dis-allow the recursive sub-folder delete?
I do not have this issue with a Windows PC, if the user tries to delete the top-level folder on a PC, they get a message that they are not allowed to do so, and it does not affect the sub-folders at all.
We have recently implemented security on a Windows server that dis-allows users to add, remove or change any files from the top level of the share, but they are able to add, remove or change the contents of sub-folders.
My issue is Mac users are denied access to remove the top-level folders but if they try to delete the top-level folder they are not denied access to the sub-folders. The delete traverses the sub-folders and deletes anything below that top-level if they have access to do so.
Is there a setting in Windows or Mac OS that will dis-allow the recursive sub-folder delete?
I do not have this issue with a Windows PC, if the user tries to delete the top-level folder on a PC, they get a message that they are not allowed to do so, and it does not affect the sub-folders at all.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
All,
The permissions are working correctly, from a Windows PC we are able to do exactly what I require. The top level should not be able to be changed, added to or deleted from. Under those folders they have rights to add, change and remove items.
This works totally fine on a PC, a Mac on the other hand (in Gui mode) has the recursive option turned on so it will address any data below the top-level.
Yes they are AD accounts, but the machine is not logging into the domain, the Mac users are just mapping a Windows share using their AD credentials. If there is no way to prevent this behavior, that's fine I just wanted to ask a larger community.
The permissions are working correctly, from a Windows PC we are able to do exactly what I require. The top level should not be able to be changed, added to or deleted from. Under those folders they have rights to add, change and remove items.
This works totally fine on a PC, a Mac on the other hand (in Gui mode) has the recursive option turned on so it will address any data below the top-level.
Yes they are AD accounts, but the machine is not logging into the domain, the Mac users are just mapping a Windows share using their AD credentials. If there is no way to prevent this behavior, that's fine I just wanted to ask a larger community.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I think that both of you answered to the best of your knowledge, thanks for trying.
Are the Mac users logging onto the Macs with AD credentials? If so, then AD is AD is AD and it should just work like it does for a Windows user. If they are logging on locally, which they can do, do you have security on the share set to not allow EVERYONE in; you could limit the lowest access to domain users; this would force people to use AD creds. Do you have the permissions in the top level folder set to flow down to the sub-folders?