Solved

NTFS permissions for shared folder

Posted on 2013-11-01
Last Modified: 2013-12-17
Hey folks, I've been having a tough time with some very specific permissions on a folder template that IT has been asked to implement.  Luckily there are only three security groups that we need to worry about:  Domain admins, Domain users, and CAD Management.  You can see a brief screenshot of a partial folder structure here.

[Screenshot: Permissions]

Domain admins and Cad management are easy.  Domain admins have Full Control everywhere including the root "ProjectsTEMPLATE" and Cad Management should have Read and Execute at the root and Modify everywhere else.

Domain users are another story.  I'll use the following path taken from the picture above to demonstrate.

\\fileserver\ProjectsTEMPLATE\10-Administration\01-Marketing   :  Domain users can create/delete/change subfolders and files but not rename or delete the root "01-Marketing"

\\fileserver\ProjectsTEMPLATE\10-Administration\02-Finance   :  Domain users can create/delete/change subfolders and files but not rename or delete the root "02-Finance"

\\fileserver\ProjectsTEMPLATE\10-Administration\03-ProjectManagement\01-Contracts\01-Owner\AddServiceRequests / Amendments    :  Domain users Full Modify

\\fileserver\ProjectsTEMPLATE\10-Administration\03-ProjectManagement\01-Contracts\01-Owner    :  Domain users can create/delete/change subfolders and files but not rename or delete the root "01-Owner"

\\fileserver\ProjectsTEMPLATE\10-Administration\03-ProjectManagement\01-Contracts    :  Domain users can create/delete/change subfolders and files but not rename or delete the "01-Owner" subfolder or the root "01-Contracts"

After I get this I can apply it to the rest of the structure.  The part I'm having a tough time with especially is giving Domain Users the ability to create/delete new files and folders in the \\fileserver\ProjectsTEMPLATE\10-Administration\03-ProjectManagement\01-Contracts directory while restricting them from changing or deleting the "set in stone" 01-Owner subfolder but allowing them to create/delete files and folders in the 01-owner subdirectory.  Thanks folks, I appreciate the help.
Question by:jstergakis
LVL 15

Expert Comment

by:Skyler Kincaid
ID: 39617346
When I first saw your questions I did not want to help because it will be drawn out and require a lot of attention but here we go.

The settings that are important in a situation like this are the inherit permissions from parent and also the advanced permissions settings; I will include a screenshot of both of them for your reference. With these two settings and what you have so far you should be able to do what you need to. Have you already tried using those? If so, let me know and we can start from the beginning and make sure you get it set up correctly.

The permissions that you can customize by selecting a user or group from the advanced settings is the key part because you can apply different settings to the folder, folder files and folders within, just files and so on. Check the pictures for the reference.
Advanced-Settings.PNG
Object-Permissions.png
 

Author Comment

by:jstergakis
ID: 39617865
Thanks for replying.  Yes I am familiar with the advanced tabs and how inheriting works.

So to start with a basic problem, as seen above I have a folder titled 01-Contracts and sub folders 01-Owner and 02-Consultants.  

The ability for domain users to add/delete files and folders in the 01-Owners and 02-Consultants but not to be able to change the root folder.  If I go into advanced security on these folders and remove Inherited permissions, and then go into the advanced user permissions for Domain Users and add "Create Files/Write Data" "Create Folders/Append Data" and "Delete Subfolders and Files" I can successfully (as a domain user) create subfolders and files and delete subfolders and files but I cannot change the root.  Great.  But when I go up a level to the 01-Contracts directory I am having a hard time getting that folder to work correctly.  Even though I am not inheriting permissions on Owners and Consultants I am still able to delete these folders if I apply the same permissions to the parent 01-Contracts directory which has me scratching my head a little.  I know it's something with the "Apply To" dropdown but it's getting frustrating.  Thanks.
 
LVL 15

Accepted Solution

by:
Skyler Kincaid earned 500 total points
ID: 39618409
From the Advanced options you can set multiple different permissions for the same group.

For example you can select "This Folder" for a certain group and only give them read permissions, then you can do this folder and sub folders and give them modify permissions. It will combine the permissions if it is possible once you apply them.

You can customize it down to the smallest permissions. You need to make sure that the user groups you don't want to be able to delete a certain folder are blocked from doing that even if it is just at the level of that folder.

It might make creating the structure easier if you approach it from that sense. If that doesn't make sense to you I will create the same structure and give you screenshots of what the permissions need to be for each folder.
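
One way to script the two-entry layout described in the accepted answer for the 01-Contracts and 01-Owner folders from the question, as an added example that is not part of the original thread. The local path in `$base` is an assumption, and the group names are taken from the question and may need a `DOMAIN\` prefix in your environment.

```powershell
# Added example. Run elevated on the file server.
# Assumption: $base is the local path behind \\fileserver\ProjectsTEMPLATE.
$base      = 'D:\Shares\ProjectsTEMPLATE'
$contracts = Join-Path $base '10-Administration\03-ProjectManagement\01-Contracts'
$fixed     = @($contracts, (Join-Path $contracts '01-Owner'))   # "set in stone" folders

$all = 'ContainerInherit,ObjectInherit'   # this folder, subfolders and files

function New-AllowRule($Identity, $Rights, $Inherit, $Propagate) {
    New-Object System.Security.AccessControl.FileSystemAccessRule(
        $Identity, $Rights, $Inherit, $Propagate, 'Allow')
}

foreach ($path in $fixed) {
    $acl = Get-Acl -LiteralPath $path

    # Block inheritance and drop inherited entries, so the parent's
    # inheritable Modify (which includes Delete) never lands on this folder.
    $acl.SetAccessRuleProtection($true, $false)
    foreach ($rule in @($acl.Access)) { [void]$acl.RemoveAccessRule($rule) }

    # Only the three groups from the question are granted; add others
    # (for example SYSTEM for backup agents) if your server needs them.
    $acl.AddAccessRule((New-AllowRule 'Domain Admins'  'FullControl' $all 'None'))
    $acl.AddAccessRule((New-AllowRule 'CAD Management' 'Modify'      $all 'None'))

    # Entry 1, "This folder only": browse and create, but neither Delete nor
    # Delete Subfolders and Files. NTFS allows deleting or renaming an item when
    # the item grants Delete OR its parent grants Delete Subfolders and Files,
    # so a fixed folder must grant neither on itself.
    $acl.AddAccessRule((New-AllowRule 'Domain Users' `
        'ReadAndExecute, CreateFiles, CreateDirectories' 'None' 'None'))

    # Entry 2, "Subfolders and files only": Modify on everything created below,
    # so users can still delete their own files and folders.
    $acl.AddAccessRule((New-AllowRule 'Domain Users' 'Modify' $all 'InheritOnly'))

    Set-Acl -LiteralPath $path -AclObject $acl
}

# Review the result: Domain Users should show two rows per folder,
# one with InheritanceFlags None and one with PropagationFlags InheritOnly.
foreach ($path in $fixed) {
    (Get-Acl -LiteralPath $path).Access |
        Format-Table IdentityReference, FileSystemRights, InheritanceFlags, PropagationFlags -AutoSize
}
```

Test as a plain Domain Users account: creating and deleting a new folder inside 01-Contracts should succeed, while renaming or deleting 01-Owner should be denied.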