Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Windows 2008 File permissions

Posted on 2014-03-05
12
Medium Priority
?
494 Views
Last Modified: 2014-03-07
Having an issue with windows 2008 file permissions.

 I need to lockdown a certain folder structure so that all can view/read/execute but not write, except for key people. (Right now I'm just working at the root folder, I'm not even dealing with the inheritable permissions yet)

So I believe the solution is to create a security group and add all the people to be denied write into that group. I applied that group to the folder w/ only 1 test user.

That test user can still create a folder... now if I add that specific user the deny write access that user can't create a folder.

So it appears that windows so choosing to ignore the security group I created with the deny write permission. I'm missing something here...?

I'm going to be doing more windows file sharing.. is there a 3rd party file sharing software I should use?
Thanks!
0
Comment
Question by:PapaSmurff
  • 6
  • 3
  • 3
12 Comments
 
LVL 13

Expert Comment

by:Santosh Gupta
ID: 39906169
Please specify the permission details on the folder. and list the group name as well.
0
 

Author Comment

by:PapaSmurff
ID: 39906197
Everyone has read&execute
All_students are denied for everything
Appssg are denied write
administrators have full access

Security group is appssg w/ one test user assigned.
Thanks.
0
 

Author Comment

by:PapaSmurff
ID: 39906200
Sorry everyone has three checked read/execute, list, & read.
0
Nothing ever in the clear!

This technical paper will help you implement VMware’s VM encryption as well as implement Veeam encryption which together will achieve the nothing ever in the clear goal. If a bad guy steals VMs, backups or traffic they get nothing.

 
LVL 6

Accepted Solution

by:
smithandandersen earned 1000 total points
ID: 39906297
I would do it the other way around
Create a group with the users that you want to write to this folder

create share<SHARE permissions=everyone full control
NTFS security from advanced tab>new group=modify, this folder,sub folders and files
domain users or security group=list+read att+read ext att+read permissions

also if you enable ABE on the sharing users without NTFS permission wont even see the folder
0
 

Author Comment

by:PapaSmurff
ID: 39906441
Thanks I think I understand. I haven't had to deal with windows permissions in a while.
0
 

Author Comment

by:PapaSmurff
ID: 39907079
Ok, I don't understand. So where is the deny write for all users except the users I want to be able too.
Thanks again.
0
 
LVL 6

Expert Comment

by:smithandandersen
ID: 39907096
you don't deny write...just don't give the permissions

make sure you are clicking the advanced button
0
 
LVL 13

Assisted Solution

by:Santosh Gupta
Santosh Gupta earned 1000 total points
ID: 39907120
Hi, instead of using Deny, donot give them Any rights. As Deny has highest precedence.

also check the effective permission of that user. from blow.

userperm
0
 

Author Comment

by:PapaSmurff
ID: 39907181
smithandandersen: I'm not assigning write rights in the first place. From that I assumed everyone has full rights to modify rights from the start..

 sgupta1181: When I look at effective permissions for anyone it lists full control. Even a student who is in the all_students group that is denied everything.

Clearly something is majorly wrong...
0
 
LVL 13

Expert Comment

by:Santosh Gupta
ID: 39907204
Pls share the screenshot of advanced permission
0
 
LVL 6

Expert Comment

by:smithandandersen
ID: 39907218
on the folder in question:

right click>properties>security>advanced button>change permissions

uncheck include inheritable perms>click add in the windows security message
remove any unneeded users or groups
highlight your group to write and click edit
check full control to select all then uncheck full control, change perms and take ownership. Set it for folders, sub folders and files>click ok
for the rest of users for read only do the same except check only list+read att+read ext att+read permissions
0
 

Author Closing Comment

by:PapaSmurff
ID: 39912484
Sorry guys. The issue was a security group within a security group. Thanks for the help.
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

As a financial services provider, your business is impacted by two of the strictest federal regulations on record: the Sarbanes-Oxley Act and the Gramm-Leach-Bliley Act. Correctly implementing faxing into your organization to provide secure, real-ti…
Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

926 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question