jstergakis
asked on
NTFS permissions for shared folder
Hey folks, I've been having a tough time with some very specific permissions on a folder template that IT has been asked to implement. Luckily there's only three security groups that we need to worry about: Domain admins, Domain users, and CAD Management. You can see a brief screenshot of a partial folder structure here.
Domain admins and Cad management are easy. Domain admins have Full Control everywhere including the root "ProjectsTEMPLATE" and Cad Management should have Read and Execute at the root and Modify everywhere else.
Domain users are another story. I'll use the following path taken from the picture above to demonstrate.
\\fileserver\ProjectsTEMPL
\\fileserver\ProjectsTEMPL
\\fileserver\ProjectsTEMPL
\\fileserver\ProjectsTEMPL
\\fileserver\ProjectsTEMPL
After I get this I can apply it to the rest of the structure. The part I'm having a tough time with especially is giving Domain Users the ability to create/delete new files and folders in the \\fileserver\ProjectsTEMPL
Domain admins and Cad management are easy. Domain admins have Full Control everywhere including the root "ProjectsTEMPLATE" and Cad Management should have Read and Execute at the root and Modify everywhere else.Domain users are another story. I'll use the following path taken from the picture above to demonstrate.
\\fileserver\ProjectsTEMPL
\\fileserver\ProjectsTEMPL
\\fileserver\ProjectsTEMPL
\\fileserver\ProjectsTEMPL
\\fileserver\ProjectsTEMPL
After I get this I can apply it to the rest of the structure. The part I'm having a tough time with especially is giving Domain Users the ability to create/delete new files and folders in the \\fileserver\ProjectsTEMPL
ASKER
Thanks for replying. Yes I am familiar with the advanced tabs and how inheriting works.
So to start with a basic problem, as seen above I have a folder titled 01-Contracts and sub folders 01-Owner and 02-Consultants.
The ability for domain users to add/delete files and folders in the 01-Owners and 02-Consultants but not to be able to change the root folder. If I go into advanced security on theses folders and remove Inherited permissions, and then go into the advanced user permissions for Domain Users and add "Create Files/Write Data" "Create Folders/Append Data" and "Delete Subfolders and Files" I can successfully (as a domain user) create subfolders and files and delete subfolders and files but I cannot change the root. Great. But when I go up a level to the 01-Contracts directory I am having a hard time getting that folder to work correctly. Even though I am not inheriting permissions on Owners and Consultants I am still able to delete these folders if I apply the same permissions to the parent 01-Contracts directory which has me scratching my head a little. I know it's something with the "Apply To" dropdown but it's getting frustrating. Thanks.
So to start with a basic problem, as seen above I have a folder titled 01-Contracts and sub folders 01-Owner and 02-Consultants.
The ability for domain users to add/delete files and folders in the 01-Owners and 02-Consultants but not to be able to change the root folder. If I go into advanced security on theses folders and remove Inherited permissions, and then go into the advanced user permissions for Domain Users and add "Create Files/Write Data" "Create Folders/Append Data" and "Delete Subfolders and Files" I can successfully (as a domain user) create subfolders and files and delete subfolders and files but I cannot change the root. Great. But when I go up a level to the 01-Contracts directory I am having a hard time getting that folder to work correctly. Even though I am not inheriting permissions on Owners and Consultants I am still able to delete these folders if I apply the same permissions to the parent 01-Contracts directory which has me scratching my head a little. I know it's something with the "Apply To" dropdown but it's getting frustrating. Thanks.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
The settings that are important in a situation like this are the inherit permissions from parent and also the advanced permissions settings which I will include a screenshot of both of them for your reference. With these two settings and what you have so far you should be able to do what you need to. Have you already tried using those? If so, let me know and we can start from the beginning and make sure you get it setup correctly.
The permissions that you can customize by selecting a user or group from the advanced settings is the key part because you can apply different settings to the folder, folder files and folders within, just files and so on. Check the pictures for the reference.
Advanced-Settings.PNG
Object-Permissions.png