Solved

Windows 2008 File permissions

Posted on 2014-03-05
12
466 Views
Last Modified: 2014-03-07
Having an issue with windows 2008 file permissions.

 I need to lockdown a certain folder structure so that all can view/read/execute but not write, except for key people. (Right now I'm just working at the root folder, I'm not even dealing with the inheritable permissions yet)

So I believe the solution is to create a security group and add all the people to be denied write into that group. I applied that group to the folder w/ only 1 test user.

That test user can still create a folder... now if I add that specific user the deny write access that user can't create a folder.

So it appears that windows so choosing to ignore the security group I created with the deny write permission. I'm missing something here...?

I'm going to be doing more windows file sharing.. is there a 3rd party file sharing software I should use?
Thanks!
0
Comment
Question by:PapaSmurff
  • 6
  • 3
  • 3
12 Comments
 
LVL 13

Expert Comment

by:Santosh Gupta
ID: 39906169
Please specify the permission details on the folder. and list the group name as well.
0
 

Author Comment

by:PapaSmurff
ID: 39906197
Everyone has read&execute
All_students are denied for everything
Appssg are denied write
administrators have full access

Security group is appssg w/ one test user assigned.
Thanks.
0
 

Author Comment

by:PapaSmurff
ID: 39906200
Sorry everyone has three checked read/execute, list, & read.
0
 
LVL 6

Accepted Solution

by:
smithandandersen earned 250 total points
ID: 39906297
I would do it the other way around
Create a group with the users that you want to write to this folder

create share<SHARE permissions=everyone full control
NTFS security from advanced tab>new group=modify, this folder,sub folders and files
domain users or security group=list+read att+read ext att+read permissions

also if you enable ABE on the sharing users without NTFS permission wont even see the folder
0
 

Author Comment

by:PapaSmurff
ID: 39906441
Thanks I think I understand. I haven't had to deal with windows permissions in a while.
0
 

Author Comment

by:PapaSmurff
ID: 39907079
Ok, I don't understand. So where is the deny write for all users except the users I want to be able too.
Thanks again.
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 6

Expert Comment

by:smithandandersen
ID: 39907096
you don't deny write...just don't give the permissions

make sure you are clicking the advanced button
0
 
LVL 13

Assisted Solution

by:Santosh Gupta
Santosh Gupta earned 250 total points
ID: 39907120
Hi, instead of using Deny, donot give them Any rights. As Deny has highest precedence.

also check the effective permission of that user. from blow.

userperm
0
 

Author Comment

by:PapaSmurff
ID: 39907181
smithandandersen: I'm not assigning write rights in the first place. From that I assumed everyone has full rights to modify rights from the start..

 sgupta1181: When I look at effective permissions for anyone it lists full control. Even a student who is in the all_students group that is denied everything.

Clearly something is majorly wrong...
0
 
LVL 13

Expert Comment

by:Santosh Gupta
ID: 39907204
Pls share the screenshot of advanced permission
0
 
LVL 6

Expert Comment

by:smithandandersen
ID: 39907218
on the folder in question:

right click>properties>security>advanced button>change permissions

uncheck include inheritable perms>click add in the windows security message
remove any unneeded users or groups
highlight your group to write and click edit
check full control to select all then uncheck full control, change perms and take ownership. Set it for folders, sub folders and files>click ok
for the rest of users for read only do the same except check only list+read att+read ext att+read permissions
0
 

Author Closing Comment

by:PapaSmurff
ID: 39912484
Sorry guys. The issue was a security group within a security group. Thanks for the help.
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

As a financial services provider, your business is impacted by two of the strictest federal regulations on record: the Sarbanes-Oxley Act and the Gramm-Leach-Bliley Act. Correctly implementing faxing into your organization to provide secure, real-ti…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now