Avatar of LCali
LCali
 asked on

Add files but not modify current files in a folder

I have a folder with subfolders.  The Subfolders  have files.  I do not want users to create folders at any level.  In the subfolders the users need to be able to read all files but not modify them.  However they need to be able to create files in the subfolders.  I have tried numerous combinations of special permissions with no luck.  I would like to be able to set these permission at the top folder level to carry down through all the subfolders/files.
Server 2012 with files on external EMC Storage San.
Microsoft Legacy OSOS Security

Avatar of undefined
Last Comment
CSD-Tech

8/22/2022 - Mon
CSD-Tech

It sounds to me like you will need to setup Security Groups in your AD in order to do this.

One think you can do at the Top level is give all Authenticated Users Read Only Access and Domain Administrators & Administrators Full Control to the files and folders. The next thing you would do is give certain groups and/or people Read & Modify writes to the sub folders and files. Unfortunately this will give those certain groups and/or users the ability to create folders as well.

Once you give any group and/or a user modify rights, they have the right to create sub folders so the Modify may have to be a Special right to Create files / write data but deny them Create folder / append data.

I have heard of varying luck with the Deny check boxes, so you may be able to get away with just giving that group/user only the Create files/write data ability and not checking anything in the Create folder/append data option.

Let me know you've already done this.

Thanks,

Derrick
LCali

ASKER
Thanks, I've tried those things.  It used to work for us in a situation where the files were on the domain controller.  Now however they are on an external storage device (EMC).  Not sure if that makes the difference as the permissions copied over just the same as they were when on the DC.
ASKER CERTIFIED SOLUTION
CSD-Tech

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
LCali

ASKER
I've been working with microsoft.  They have actually said it can't be done.  We can get it set to let users create new files and NOT edit any file once it is created.  The last step is to prevent them from deleting any files and that is where we are now stuck with an open incident with Microsoft.  The tech said we can make that happen because when you open a new file or do a save as, a temp file is created and that temp file needs to be deleted.
I just can't believe we are the only company that wants people to add file to a folder and then never be able to do anything other than read that file.  Still open for suggestions.
All of life is about relationships, and EE has made a viirtual community a real community. It lifts everyone's boat
William Peck
CSD-Tech

I'm not sure if this would help, but why don't you have a script or a batch file setup so that something checks the folder for anything new, if something is found reset the permission on the new file to become read only for everyone and add it to the list of current documents.

I know you can do this in VBScripting so it should be able to be done with any programming you want.