Solved

Windows 2008 File permissions

Posted on 2014-03-05
12
464 Views
Last Modified: 2014-03-07
Having an issue with windows 2008 file permissions.

 I need to lockdown a certain folder structure so that all can view/read/execute but not write, except for key people. (Right now I'm just working at the root folder, I'm not even dealing with the inheritable permissions yet)

So I believe the solution is to create a security group and add all the people to be denied write into that group. I applied that group to the folder w/ only 1 test user.

That test user can still create a folder... now if I add that specific user the deny write access that user can't create a folder.

So it appears that windows so choosing to ignore the security group I created with the deny write permission. I'm missing something here...?

I'm going to be doing more windows file sharing.. is there a 3rd party file sharing software I should use?
Thanks!
0
Comment
Question by:PapaSmurff
  • 6
  • 3
  • 3
12 Comments
 
LVL 13

Expert Comment

by:Santosh Gupta
ID: 39906169
Please specify the permission details on the folder. and list the group name as well.
0
 

Author Comment

by:PapaSmurff
ID: 39906197
Everyone has read&execute
All_students are denied for everything
Appssg are denied write
administrators have full access

Security group is appssg w/ one test user assigned.
Thanks.
0
 

Author Comment

by:PapaSmurff
ID: 39906200
Sorry everyone has three checked read/execute, list, & read.
0
 
LVL 6

Accepted Solution

by:
smithandandersen earned 250 total points
ID: 39906297
I would do it the other way around
Create a group with the users that you want to write to this folder

create share<SHARE permissions=everyone full control
NTFS security from advanced tab>new group=modify, this folder,sub folders and files
domain users or security group=list+read att+read ext att+read permissions

also if you enable ABE on the sharing users without NTFS permission wont even see the folder
0
 

Author Comment

by:PapaSmurff
ID: 39906441
Thanks I think I understand. I haven't had to deal with windows permissions in a while.
0
 

Author Comment

by:PapaSmurff
ID: 39907079
Ok, I don't understand. So where is the deny write for all users except the users I want to be able too.
Thanks again.
0
Do email signature updates give you a headache?

Do you feel like you are constantly making changes to email signatures? Are the images not formatting how you want them to? Want high-quality HTML signatures on all devices, including on mobiles and Macs? Then, let Exclaimer solve all your email signature problems today.

 
LVL 6

Expert Comment

by:smithandandersen
ID: 39907096
you don't deny write...just don't give the permissions

make sure you are clicking the advanced button
0
 
LVL 13

Assisted Solution

by:Santosh Gupta
Santosh Gupta earned 250 total points
ID: 39907120
Hi, instead of using Deny, donot give them Any rights. As Deny has highest precedence.

also check the effective permission of that user. from blow.

userperm
0
 

Author Comment

by:PapaSmurff
ID: 39907181
smithandandersen: I'm not assigning write rights in the first place. From that I assumed everyone has full rights to modify rights from the start..

 sgupta1181: When I look at effective permissions for anyone it lists full control. Even a student who is in the all_students group that is denied everything.

Clearly something is majorly wrong...
0
 
LVL 13

Expert Comment

by:Santosh Gupta
ID: 39907204
Pls share the screenshot of advanced permission
0
 
LVL 6

Expert Comment

by:smithandandersen
ID: 39907218
on the folder in question:

right click>properties>security>advanced button>change permissions

uncheck include inheritable perms>click add in the windows security message
remove any unneeded users or groups
highlight your group to write and click edit
check full control to select all then uncheck full control, change perms and take ownership. Set it for folders, sub folders and files>click ok
for the rest of users for read only do the same except check only list+read att+read ext att+read permissions
0
 

Author Closing Comment

by:PapaSmurff
ID: 39912484
Sorry guys. The issue was a security group within a security group. Thanks for the help.
0

Featured Post

Do email signature updates give you a headache?

Do you feel like all of your time is spent managing email signatures? Too busy to visit every user’s desk to make updates? Want high-quality HTML signatures on all devices, including on mobiles and Macs? Then, let Exclaimer solve all your email signature problems today!

Join & Write a Comment

Suggested Solutions

I had a question today where the user wanted to know how to delete an SSL Certificate, so I thought that I would quickly add this How to! Article for your reference. WHY WOULD YOU WANT TO DELETE A CERTIFICATE? 1. If an incorrect certificate was …
A safe way to clean winsxs folder from your windows server 2008 R2 editions
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

24 Experts available now in Live!

Get 1:1 Help Now