sglee
asked on
Setting Permission
I have a SHARE folder on SBS2011 where the group name "STAFF" has FULL ACCESS. The "STAFF" includes most domain users. The SHARE folder has many sub-folders. Today one of the users asked me if I can set the permissions on a specific sub-folder (under SHARE) so that some users would have FULL access where some has READ only access.
However all the users belong to the group "STAFF".
To be specific, say there are User1, User2, User3 and User4 that are members of the group "STAFF". The STAFF group has full access to D:\SHARE and its sub-folders. Now I need to set the permission on D:\SHARE\SubDir1\SubDir2\. ..\Vacatio nLog folder so that User1 and User2 have Full Access whereas User3 and User4 have Read-Only access.
Yesterday I attempted, but was not successful.
Can you help?
However all the users belong to the group "STAFF".
To be specific, say there are User1, User2, User3 and User4 that are members of the group "STAFF". The STAFF group has full access to D:\SHARE and its sub-folders. Now I need to set the permission on D:\SHARE\SubDir1\SubDir2\.
Yesterday I attempted, but was not successful.
Can you help?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Guy is right, sorry I was thinking of share and NTFS permissions for most restrictive. These are all NTFS.
THanks
Mike
THanks
Mike
ASKER
After adding "Write Deny" as Guy Hengel suggested, it worked.
Now I did not think of this: The group "STAFF" currently pretty much includes every domain users and not everyone should be able to make changes to the files in this folder.
If I want to allow only handful/selected users to have WRITE permission on this folder, what is the best way to accomplish that given the fact that STAFF group includes everyone pretty much and that group currently has full permission on VACATION folder.
Now I did not think of this: The group "STAFF" currently pretty much includes every domain users and not everyone should be able to make changes to the files in this folder.
If I want to allow only handful/selected users to have WRITE permission on this folder, what is the best way to accomplish that given the fact that STAFF group includes everyone pretty much and that group currently has full permission on VACATION folder.
On that particular folder you could make Staff only have read and then create a write group and give them write permissions.
Thanks
Mike
Thanks
Mike
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
After creating a new group "VacationWriteUsers" giving FULL Permission to User 1 and User2, I wanted to take out WRITE permission from STAFF folder.
So I went to "Advanced" and chose "Change Permission" for STAFF and when I uncheck the checkbox for "Include inheritable permission from this object's parent", I get this warning.
So I went to "Advanced" and chose "Change Permission" for STAFF and when I uncheck the checkbox for "Include inheritable permission from this object's parent", I get this warning.
this is exactly what you want to achieve: this folder will NOT inherit any permissions you set at a higher level
Click add on that dialogue box, then you can go in and change the staff permission.
Thanks
Mike
Thanks
Mike
ASKER
After "unchecking" the checkbox, now I am free to set permission level to STAFF group.
I removed Full Control/Modify/Write permissions.
Thank you for your help.
I removed Full Control/Modify/Write permissions.
Thank you for your help.
ASKER
I will try that and post the result.