?
Solved

Permissions for files and folders (2008 Server)

Posted on 2014-02-27
18
Medium Priority
?
601 Views
Last Modified: 2014-03-18
Hi, I have a Tree of Folders (see attached) and I want to deny all access (Insert/Delete/Rename) to Folders and grant access only to some Folders to some Users.
For example, I want to grant all access (Insert/Delete/Rename) to User Lusia on Folder Nivel_2_Folder_2.
How to do this?
0
Comment
Question by:LexNews
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 9
  • 5
  • 2
18 Comments
 
LVL 40

Expert Comment

by:als315
ID: 39898287
Can you add some details:
1. Do you mean local or network access?
2. Do you have Windows XP professional version?

Details about files and folders permissions you can find here:
http://support.microsoft.com/kb/308419/en-us
0
 

Author Comment

by:LexNews
ID: 39909580
Why Topics were changed?
It´s not a Microsoft Windows XP problem.
It´s a Windows Server 2008 problem.
0
 
LVL 40

Expert Comment

by:als315
ID: 39910237
Server 2008 has similar to XP permission system.
http://technet.microsoft.com/en-us/library/cc754344.aspx
0
Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 25

Expert Comment

by:Lionel MM
ID: 39912318
you can use icacls--here is an example
icacls c:\location\Nivel_2_Folder_2 /grant:r Lusia:(rx)
which will give Lusia read and execute access on the folder, it will replace the existing permissions (/grant:r)--if you don't want to replace permissions already there then just use /grant

here is more info in icacls
http://technet.microsoft.com/en-us/library/cc753525.aspx
0
 

Author Comment

by:LexNews
ID: 39912724
lionelmm, in this case, Lusia will be able to Delete the Folder?
I don´t want it.
I want to deny all access from the Root Folder C:\ and grant some access to specific Folders/Users.
0
 
LVL 25

Expert Comment

by:Lionel MM
ID: 39912815
That was just an example--this is what you question says (copied from above)
For example, I want to grant all access (Insert/Delete/Rename) to User Lusia on Folder Nivel_2_Folder_2, so what is it that you want? You said you want to "grant all access (Insert/Delete/Rename) to User Lusia"
0
 

Author Comment

by:LexNews
ID: 39912883
Excuse me for my English.
Let me try to explain it again.

1) I want to deny access to all Users (except Administrator).
2) For a given Folder, I want to grant Rename access do User Lusia.
0
 
LVL 25

Accepted Solution

by:
Lionel MM earned 2000 total points
ID: 39913170
Check this link for more info http://windowsitpro.com/security/icacls
OK denying access is tough to keep straight and may cause more problems that you care to deal with so I suggest this, and run these in this order
1) icacls c:\FolderName_or_ FileName\* /save acl-documents.txt /T (this saves the current permissions before you make any changes in case you mess things up; you can also use icacls c:\FolderName_or_ FileName /restore  acl-documents to reset file/folder)
2) Grant Admins full control, with icacls c:\FolderName_or_ FileName /grant:r Administrator Lusia:(rx)
3) the run icacls c:\FolderName_or_ FileName /grant:r administrator:(f) /inheritance:r to give the administrator full permissions and to remove existing inheritance
4) Then run icacls c:\FolderName_or_ FileName /grant:r lusia:(w)

This will allow them to rename the folder but not delete it not with admin rights. Let me know if that works for you or not.
0
 

Author Comment

by:LexNews
ID: 39924266
I´m sick since Saturday and I didn´t have the time to test the solution proposed by lionelmm.
0
 

Author Comment

by:LexNews
ID: 39924700
Error.

Microsoft Windows [Version 6.0.6001]
Copyright (c) 2006 Microsoft Corporation.  All rights reserved.

C:\Users\Administrator>icacls C:\Teste_de_Politica_de_Segurança /grant:r adminis
trator:(f) /inheritance:r
processed file: C:\Teste_de_Politica_de_Segurança
Successfully processed 1 files; Failed processing 0 files

C:\Users\Administrator>icacls C:\Teste_de_Politica_de_Segurança\Nivel_1_Folder_L
usia\Nivel_2_Folder_1 lusia:(w)
Invalid parameter "lusia:(w)"

C:\Users\Administrator>icacls C:\Teste_de_Politica_de_Segurança\Nivel_1_Folder_L
usia\Nivel_2_Folder_1 /grant:r lusia:(w)
lusia: No mapping between account names and security IDs was done.
Successfully processed 0 files; Failed processing 1 files

C:\Users\Administrator>
0
 

Author Comment

by:LexNews
ID: 39924748
My mistake.
User invalid.
Still testing.
0
 
LVL 25

Expert Comment

by:Lionel MM
ID: 39925110
icacls C:\Teste_de_Politica_de_Segurança\Nivel_1_Folder_Lusia\Nivel_2_Folder_1 lusia:(w)
You left out the /grant option on this one--the other two were successful
icacls C:\Teste_de_Politica_de_Segurança\Nivel_1_Folder_Lusia\Nivel_2_Folder_1 /grant:r lusia:(w)
0
 

Author Comment

by:LexNews
ID: 39927771
It worked, but I didn´t understand some things.
I´ll open another question.
0
 
LVL 25

Expert Comment

by:Lionel MM
ID: 39928872
OK good but go ahead and ask your questions now if you want to
0
 

Author Comment

by:LexNews
ID: 39929608
Did you see the other question I asked?
0

Featured Post

Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…
Suggested Courses

741 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question