Solved

Permissions for files and folders (2008 Server)

Posted on 2014-02-27
18
596 Views
Last Modified: 2014-03-18
Hi, I have a Tree of Folders (see attached) and I want to deny all access (Insert/Delete/Rename) to Folders and grant access only to some Folders to some Users.
For example, I want to grant all access (Insert/Delete/Rename) to User Lusia on Folder Nivel_2_Folder_2.
How to do this?
0
Comment
Question by:LexNews
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 9
  • 5
  • 2
18 Comments
 
LVL 40

Expert Comment

by:als315
ID: 39898287
Can you add some details:
1. Do you mean local or network access?
2. Do you have Windows XP professional version?

Details about files and folders permissions you can find here:
http://support.microsoft.com/kb/308419/en-us
0
 

Author Comment

by:LexNews
ID: 39909580
Why Topics were changed?
It´s not a Microsoft Windows XP problem.
It´s a Windows Server 2008 problem.
0
 
LVL 40

Expert Comment

by:als315
ID: 39910237
Server 2008 has similar to XP permission system.
http://technet.microsoft.com/en-us/library/cc754344.aspx
0
Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

 
LVL 25

Expert Comment

by:Lionel MM
ID: 39912318
you can use icacls--here is an example
icacls c:\location\Nivel_2_Folder_2 /grant:r Lusia:(rx)
which will give Lusia read and execute access on the folder, it will replace the existing permissions (/grant:r)--if you don't want to replace permissions already there then just use /grant

here is more info in icacls
http://technet.microsoft.com/en-us/library/cc753525.aspx
0
 

Author Comment

by:LexNews
ID: 39912724
lionelmm, in this case, Lusia will be able to Delete the Folder?
I don´t want it.
I want to deny all access from the Root Folder C:\ and grant some access to specific Folders/Users.
0
 
LVL 25

Expert Comment

by:Lionel MM
ID: 39912815
That was just an example--this is what you question says (copied from above)
For example, I want to grant all access (Insert/Delete/Rename) to User Lusia on Folder Nivel_2_Folder_2, so what is it that you want? You said you want to "grant all access (Insert/Delete/Rename) to User Lusia"
0
 

Author Comment

by:LexNews
ID: 39912883
Excuse me for my English.
Let me try to explain it again.

1) I want to deny access to all Users (except Administrator).
2) For a given Folder, I want to grant Rename access do User Lusia.
0
 
LVL 25

Accepted Solution

by:
Lionel MM earned 500 total points
ID: 39913170
Check this link for more info http://windowsitpro.com/security/icacls
OK denying access is tough to keep straight and may cause more problems that you care to deal with so I suggest this, and run these in this order
1) icacls c:\FolderName_or_ FileName\* /save acl-documents.txt /T (this saves the current permissions before you make any changes in case you mess things up; you can also use icacls c:\FolderName_or_ FileName /restore  acl-documents to reset file/folder)
2) Grant Admins full control, with icacls c:\FolderName_or_ FileName /grant:r Administrator Lusia:(rx)
3) the run icacls c:\FolderName_or_ FileName /grant:r administrator:(f) /inheritance:r to give the administrator full permissions and to remove existing inheritance
4) Then run icacls c:\FolderName_or_ FileName /grant:r lusia:(w)

This will allow them to rename the folder but not delete it not with admin rights. Let me know if that works for you or not.
0
 

Author Comment

by:LexNews
ID: 39924266
I´m sick since Saturday and I didn´t have the time to test the solution proposed by lionelmm.
0
 

Author Comment

by:LexNews
ID: 39924700
Error.

Microsoft Windows [Version 6.0.6001]
Copyright (c) 2006 Microsoft Corporation.  All rights reserved.

C:\Users\Administrator>icacls C:\Teste_de_Politica_de_Segurança /grant:r adminis
trator:(f) /inheritance:r
processed file: C:\Teste_de_Politica_de_Segurança
Successfully processed 1 files; Failed processing 0 files

C:\Users\Administrator>icacls C:\Teste_de_Politica_de_Segurança\Nivel_1_Folder_L
usia\Nivel_2_Folder_1 lusia:(w)
Invalid parameter "lusia:(w)"

C:\Users\Administrator>icacls C:\Teste_de_Politica_de_Segurança\Nivel_1_Folder_L
usia\Nivel_2_Folder_1 /grant:r lusia:(w)
lusia: No mapping between account names and security IDs was done.
Successfully processed 0 files; Failed processing 1 files

C:\Users\Administrator>
0
 

Author Comment

by:LexNews
ID: 39924748
My mistake.
User invalid.
Still testing.
0
 
LVL 25

Expert Comment

by:Lionel MM
ID: 39925110
icacls C:\Teste_de_Politica_de_Segurança\Nivel_1_Folder_Lusia\Nivel_2_Folder_1 lusia:(w)
You left out the /grant option on this one--the other two were successful
icacls C:\Teste_de_Politica_de_Segurança\Nivel_1_Folder_Lusia\Nivel_2_Folder_1 /grant:r lusia:(w)
0
 

Author Comment

by:LexNews
ID: 39927771
It worked, but I didn´t understand some things.
I´ll open another question.
0
 
LVL 25

Expert Comment

by:Lionel MM
ID: 39928872
OK good but go ahead and ask your questions now if you want to
0
 

Author Comment

by:LexNews
ID: 39929608
Did you see the other question I asked?
0

Featured Post

SharePoint Admin?

Enable Your Employees To Focus On The Core With Intuitive Onscreen Guidance That is With You At The Moment of Need.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
For anyone that has accidentally used newSID with Server 2008 R2 (like I did) and hasn't been able to get the server running again because you were unlucky (as I was) and had no backups - I was able to get things working by doing a Registry Hive rec…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question