Solved

Permissions for files and folders (2008 Server)

Posted on 2014-02-27
18
593 Views
Last Modified: 2014-03-18
Hi, I have a Tree of Folders (see attached) and I want to deny all access (Insert/Delete/Rename) to Folders and grant access only to some Folders to some Users.
For example, I want to grant all access (Insert/Delete/Rename) to User Lusia on Folder Nivel_2_Folder_2.
How to do this?
0
Comment
Question by:LexNews
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 9
  • 5
  • 2
18 Comments
 
LVL 40

Expert Comment

by:als315
ID: 39898287
Can you add some details:
1. Do you mean local or network access?
2. Do you have Windows XP professional version?

Details about files and folders permissions you can find here:
http://support.microsoft.com/kb/308419/en-us
0
 

Author Comment

by:LexNews
ID: 39909580
Why Topics were changed?
It´s not a Microsoft Windows XP problem.
It´s a Windows Server 2008 problem.
0
 
LVL 40

Expert Comment

by:als315
ID: 39910237
Server 2008 has similar to XP permission system.
http://technet.microsoft.com/en-us/library/cc754344.aspx
0
PeopleSoft Has Never Been Easier

PeopleSoft Adoption Made Smooth & Simple!

On-The-Job Training Is made Intuitive & Easy With WalkMe's On-Screen Guidance Tool.  Claim Your Free WalkMe Account Now

 
LVL 25

Expert Comment

by:Lionel MM
ID: 39912318
you can use icacls--here is an example
icacls c:\location\Nivel_2_Folder_2 /grant:r Lusia:(rx)
which will give Lusia read and execute access on the folder, it will replace the existing permissions (/grant:r)--if you don't want to replace permissions already there then just use /grant

here is more info in icacls
http://technet.microsoft.com/en-us/library/cc753525.aspx
0
 

Author Comment

by:LexNews
ID: 39912724
lionelmm, in this case, Lusia will be able to Delete the Folder?
I don´t want it.
I want to deny all access from the Root Folder C:\ and grant some access to specific Folders/Users.
0
 
LVL 25

Expert Comment

by:Lionel MM
ID: 39912815
That was just an example--this is what you question says (copied from above)
For example, I want to grant all access (Insert/Delete/Rename) to User Lusia on Folder Nivel_2_Folder_2, so what is it that you want? You said you want to "grant all access (Insert/Delete/Rename) to User Lusia"
0
 

Author Comment

by:LexNews
ID: 39912883
Excuse me for my English.
Let me try to explain it again.

1) I want to deny access to all Users (except Administrator).
2) For a given Folder, I want to grant Rename access do User Lusia.
0
 
LVL 25

Accepted Solution

by:
Lionel MM earned 500 total points
ID: 39913170
Check this link for more info http://windowsitpro.com/security/icacls
OK denying access is tough to keep straight and may cause more problems that you care to deal with so I suggest this, and run these in this order
1) icacls c:\FolderName_or_ FileName\* /save acl-documents.txt /T (this saves the current permissions before you make any changes in case you mess things up; you can also use icacls c:\FolderName_or_ FileName /restore  acl-documents to reset file/folder)
2) Grant Admins full control, with icacls c:\FolderName_or_ FileName /grant:r Administrator Lusia:(rx)
3) the run icacls c:\FolderName_or_ FileName /grant:r administrator:(f) /inheritance:r to give the administrator full permissions and to remove existing inheritance
4) Then run icacls c:\FolderName_or_ FileName /grant:r lusia:(w)

This will allow them to rename the folder but not delete it not with admin rights. Let me know if that works for you or not.
0
 

Author Comment

by:LexNews
ID: 39924266
I´m sick since Saturday and I didn´t have the time to test the solution proposed by lionelmm.
0
 

Author Comment

by:LexNews
ID: 39924700
Error.

Microsoft Windows [Version 6.0.6001]
Copyright (c) 2006 Microsoft Corporation.  All rights reserved.

C:\Users\Administrator>icacls C:\Teste_de_Politica_de_Segurança /grant:r adminis
trator:(f) /inheritance:r
processed file: C:\Teste_de_Politica_de_Segurança
Successfully processed 1 files; Failed processing 0 files

C:\Users\Administrator>icacls C:\Teste_de_Politica_de_Segurança\Nivel_1_Folder_L
usia\Nivel_2_Folder_1 lusia:(w)
Invalid parameter "lusia:(w)"

C:\Users\Administrator>icacls C:\Teste_de_Politica_de_Segurança\Nivel_1_Folder_L
usia\Nivel_2_Folder_1 /grant:r lusia:(w)
lusia: No mapping between account names and security IDs was done.
Successfully processed 0 files; Failed processing 1 files

C:\Users\Administrator>
0
 

Author Comment

by:LexNews
ID: 39924748
My mistake.
User invalid.
Still testing.
0
 
LVL 25

Expert Comment

by:Lionel MM
ID: 39925110
icacls C:\Teste_de_Politica_de_Segurança\Nivel_1_Folder_Lusia\Nivel_2_Folder_1 lusia:(w)
You left out the /grant option on this one--the other two were successful
icacls C:\Teste_de_Politica_de_Segurança\Nivel_1_Folder_Lusia\Nivel_2_Folder_1 /grant:r lusia:(w)
0
 

Author Comment

by:LexNews
ID: 39927771
It worked, but I didn´t understand some things.
I´ll open another question.
0
 
LVL 25

Expert Comment

by:Lionel MM
ID: 39928872
OK good but go ahead and ask your questions now if you want to
0
 

Author Comment

by:LexNews
ID: 39929608
Did you see the other question I asked?
0
 

Author Comment

by:LexNews
ID: 39938032
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
A safe way to clean winsxs folder from your windows server 2008 R2 editions
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question