Solved

Permissions for files and folders (2008 Server)

Posted on 2014-02-27
18
589 Views
Last Modified: 2014-03-18
Hi, I have a Tree of Folders (see attached) and I want to deny all access (Insert/Delete/Rename) to Folders and grant access only to some Folders to some Users.
For example, I want to grant all access (Insert/Delete/Rename) to User Lusia on Folder Nivel_2_Folder_2.
How to do this?
0
Comment
Question by:LexNews
  • 9
  • 5
  • 2
18 Comments
 
LVL 40

Expert Comment

by:als315
ID: 39898287
Can you add some details:
1. Do you mean local or network access?
2. Do you have Windows XP professional version?

Details about files and folders permissions you can find here:
http://support.microsoft.com/kb/308419/en-us
0
 

Author Comment

by:LexNews
ID: 39909580
Why Topics were changed?
It´s not a Microsoft Windows XP problem.
It´s a Windows Server 2008 problem.
0
 
LVL 40

Expert Comment

by:als315
ID: 39910237
Server 2008 has similar to XP permission system.
http://technet.microsoft.com/en-us/library/cc754344.aspx
0
Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

 
LVL 25

Expert Comment

by:Lionel MM
ID: 39912318
you can use icacls--here is an example
icacls c:\location\Nivel_2_Folder_2 /grant:r Lusia:(rx)
which will give Lusia read and execute access on the folder, it will replace the existing permissions (/grant:r)--if you don't want to replace permissions already there then just use /grant

here is more info in icacls
http://technet.microsoft.com/en-us/library/cc753525.aspx
0
 

Author Comment

by:LexNews
ID: 39912724
lionelmm, in this case, Lusia will be able to Delete the Folder?
I don´t want it.
I want to deny all access from the Root Folder C:\ and grant some access to specific Folders/Users.
0
 
LVL 25

Expert Comment

by:Lionel MM
ID: 39912815
That was just an example--this is what you question says (copied from above)
For example, I want to grant all access (Insert/Delete/Rename) to User Lusia on Folder Nivel_2_Folder_2, so what is it that you want? You said you want to "grant all access (Insert/Delete/Rename) to User Lusia"
0
 

Author Comment

by:LexNews
ID: 39912883
Excuse me for my English.
Let me try to explain it again.

1) I want to deny access to all Users (except Administrator).
2) For a given Folder, I want to grant Rename access do User Lusia.
0
 
LVL 25

Accepted Solution

by:
Lionel MM earned 500 total points
ID: 39913170
Check this link for more info http://windowsitpro.com/security/icacls
OK denying access is tough to keep straight and may cause more problems that you care to deal with so I suggest this, and run these in this order
1) icacls c:\FolderName_or_ FileName\* /save acl-documents.txt /T (this saves the current permissions before you make any changes in case you mess things up; you can also use icacls c:\FolderName_or_ FileName /restore  acl-documents to reset file/folder)
2) Grant Admins full control, with icacls c:\FolderName_or_ FileName /grant:r Administrator Lusia:(rx)
3) the run icacls c:\FolderName_or_ FileName /grant:r administrator:(f) /inheritance:r to give the administrator full permissions and to remove existing inheritance
4) Then run icacls c:\FolderName_or_ FileName /grant:r lusia:(w)

This will allow them to rename the folder but not delete it not with admin rights. Let me know if that works for you or not.
0
 

Author Comment

by:LexNews
ID: 39924266
I´m sick since Saturday and I didn´t have the time to test the solution proposed by lionelmm.
0
 

Author Comment

by:LexNews
ID: 39924700
Error.

Microsoft Windows [Version 6.0.6001]
Copyright (c) 2006 Microsoft Corporation.  All rights reserved.

C:\Users\Administrator>icacls C:\Teste_de_Politica_de_Segurança /grant:r adminis
trator:(f) /inheritance:r
processed file: C:\Teste_de_Politica_de_Segurança
Successfully processed 1 files; Failed processing 0 files

C:\Users\Administrator>icacls C:\Teste_de_Politica_de_Segurança\Nivel_1_Folder_L
usia\Nivel_2_Folder_1 lusia:(w)
Invalid parameter "lusia:(w)"

C:\Users\Administrator>icacls C:\Teste_de_Politica_de_Segurança\Nivel_1_Folder_L
usia\Nivel_2_Folder_1 /grant:r lusia:(w)
lusia: No mapping between account names and security IDs was done.
Successfully processed 0 files; Failed processing 1 files

C:\Users\Administrator>
0
 

Author Comment

by:LexNews
ID: 39924748
My mistake.
User invalid.
Still testing.
0
 
LVL 25

Expert Comment

by:Lionel MM
ID: 39925110
icacls C:\Teste_de_Politica_de_Segurança\Nivel_1_Folder_Lusia\Nivel_2_Folder_1 lusia:(w)
You left out the /grant option on this one--the other two were successful
icacls C:\Teste_de_Politica_de_Segurança\Nivel_1_Folder_Lusia\Nivel_2_Folder_1 /grant:r lusia:(w)
0
 

Author Comment

by:LexNews
ID: 39927771
It worked, but I didn´t understand some things.
I´ll open another question.
0
 
LVL 25

Expert Comment

by:Lionel MM
ID: 39928872
OK good but go ahead and ask your questions now if you want to
0
 

Author Comment

by:LexNews
ID: 39929608
Did you see the other question I asked?
0
 

Author Comment

by:LexNews
ID: 39938032
0

Featured Post

Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
SBS 2003 Windows 7 issues 7 33
Changing a SBS 2011 Server to TLS 6 31
Clone Hype V Machine with ISCSI SAn storge 3 34
SRV.SYS Causing Server Crash During Backup 11 30
If you are a user of the discontinued Microsoft Office Accounting 2008 (MSOA) and have to move to a new computer running Windows 8, you will be unhappy to discover that it won't install.  In particular, Microsoft SQL Server 2005 Express Edition (SSE…
A safe way to clean winsxs folder from your windows server 2008 R2 editions
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…

807 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question