Permissions for files and folders (2008 Server)

Hi, I have a Tree of Folders (see attached) and I want to deny all access (Insert/Delete/Rename) to Folders and grant access only to some Folders to some Users.
For example, I want to grant all access (Insert/Delete/Rename) to User Lusia on Folder Nivel_2_Folder_2.
How to do this?
LexNewsAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

als315Commented:
Can you add some details:
1. Do you mean local or network access?
2. Do you have Windows XP professional version?

Details about files and folders permissions you can find here:
http://support.microsoft.com/kb/308419/en-us
0
LexNewsAuthor Commented:
Why Topics were changed?
It´s not a Microsoft Windows XP problem.
It´s a Windows Server 2008 problem.
0
als315Commented:
Server 2008 has similar to XP permission system.
http://technet.microsoft.com/en-us/library/cc754344.aspx
0
The Five Tenets of the Most Secure Backup

Data loss can hit a business in any number of ways. In reality, companies should expect to lose data at some point. The challenge is having a plan to recover from such an event.

Lionel MMSmall Business IT ConsultantCommented:
you can use icacls--here is an example
icacls c:\location\Nivel_2_Folder_2 /grant:r Lusia:(rx)
which will give Lusia read and execute access on the folder, it will replace the existing permissions (/grant:r)--if you don't want to replace permissions already there then just use /grant

here is more info in icacls
http://technet.microsoft.com/en-us/library/cc753525.aspx
0
LexNewsAuthor Commented:
lionelmm, in this case, Lusia will be able to Delete the Folder?
I don´t want it.
I want to deny all access from the Root Folder C:\ and grant some access to specific Folders/Users.
0
Lionel MMSmall Business IT ConsultantCommented:
That was just an example--this is what you question says (copied from above)
For example, I want to grant all access (Insert/Delete/Rename) to User Lusia on Folder Nivel_2_Folder_2, so what is it that you want? You said you want to "grant all access (Insert/Delete/Rename) to User Lusia"
0
LexNewsAuthor Commented:
Excuse me for my English.
Let me try to explain it again.

1) I want to deny access to all Users (except Administrator).
2) For a given Folder, I want to grant Rename access do User Lusia.
0
Lionel MMSmall Business IT ConsultantCommented:
Check this link for more info http://windowsitpro.com/security/icacls
OK denying access is tough to keep straight and may cause more problems that you care to deal with so I suggest this, and run these in this order
1) icacls c:\FolderName_or_ FileName\* /save acl-documents.txt /T (this saves the current permissions before you make any changes in case you mess things up; you can also use icacls c:\FolderName_or_ FileName /restore  acl-documents to reset file/folder)
2) Grant Admins full control, with icacls c:\FolderName_or_ FileName /grant:r Administrator Lusia:(rx)
3) the run icacls c:\FolderName_or_ FileName /grant:r administrator:(f) /inheritance:r to give the administrator full permissions and to remove existing inheritance
4) Then run icacls c:\FolderName_or_ FileName /grant:r lusia:(w)

This will allow them to rename the folder but not delete it not with admin rights. Let me know if that works for you or not.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
LexNewsAuthor Commented:
I´m sick since Saturday and I didn´t have the time to test the solution proposed by lionelmm.
0
LexNewsAuthor Commented:
Error.

Microsoft Windows [Version 6.0.6001]
Copyright (c) 2006 Microsoft Corporation.  All rights reserved.

C:\Users\Administrator>icacls C:\Teste_de_Politica_de_Segurança /grant:r adminis
trator:(f) /inheritance:r
processed file: C:\Teste_de_Politica_de_Segurança
Successfully processed 1 files; Failed processing 0 files

C:\Users\Administrator>icacls C:\Teste_de_Politica_de_Segurança\Nivel_1_Folder_L
usia\Nivel_2_Folder_1 lusia:(w)
Invalid parameter "lusia:(w)"

C:\Users\Administrator>icacls C:\Teste_de_Politica_de_Segurança\Nivel_1_Folder_L
usia\Nivel_2_Folder_1 /grant:r lusia:(w)
lusia: No mapping between account names and security IDs was done.
Successfully processed 0 files; Failed processing 1 files

C:\Users\Administrator>
0
LexNewsAuthor Commented:
My mistake.
User invalid.
Still testing.
0
Lionel MMSmall Business IT ConsultantCommented:
icacls C:\Teste_de_Politica_de_Segurança\Nivel_1_Folder_Lusia\Nivel_2_Folder_1 lusia:(w)
You left out the /grant option on this one--the other two were successful
icacls C:\Teste_de_Politica_de_Segurança\Nivel_1_Folder_Lusia\Nivel_2_Folder_1 /grant:r lusia:(w)
0
LexNewsAuthor Commented:
It worked, but I didn´t understand some things.
I´ll open another question.
0
Lionel MMSmall Business IT ConsultantCommented:
OK good but go ahead and ask your questions now if you want to
0
LexNewsAuthor Commented:
Did you see the other question I asked?
0
LexNewsAuthor Commented:
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2008

From novice to tech pro — start learning today.