[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 245
  • Last Modified:

Folder Permissions Windows Server 2008R2

Windows Server 2008R2

Our employees routinely move folders on accident.  

We have all of our client folders in the same place, but quite often Client A gets accidentally moved into Client B's folder.  I get that Windows search is the easy solution, haha.  

How can I apply permissions so that they can't move the client's folder any more?  

They should be able to have full permissions to all of Client A's subfolders & files however.  Is this possible?
0
2_under_par
Asked:
2_under_par
  • 5
  • 5
1 Solution
 
Steven WellsSystems AdministratorCommented:
hi

you should look to apply read or list folder content permissions to top level folders only. the modify rights underneath. that way the top level folder structure will remain intact.
0
 
awawadaCommented:
Agree Steven if you need more help let us know.
0
 
2_under_parAuthor Commented:
With regards to the Top Level Folder, I created Allow & Deny Permissions for a specific group of users.  So, there's 2 separate sets of permissions & when combined are the following... (see the pics for more detail)

Full Control: Deny
Traverse Folder / Execute File:  Allow
List Folder / Read Data: Allow
Read Attributes: Allow
Read Extended Attributes: Allow
Create Files / Write Data: Deny
Create Folders / Append Data: Deny
Write Attributes: Deny
Write Extended Attributes: Deny
Delete Subfolders & files: Deny
Delete: Deny
Read Permissions: Allow
Change Permissions: Deny
Take Ownership: Deny

Unfortunately, when I log in as a user in this group, I can move this folder into another folder.... which is what I am trying to avoid.  Any advice?  Thanks in advance.
Allow-1.png
Allow-2.png
Deny-1.png
Deny-2.png
0
The new generation of project management tools

With monday.com’s project management tool, you can see what everyone on your team is working in a single glance. Its intuitive dashboards are customizable, so you can create systems that work for you.

 
Steven WellsSystems AdministratorCommented:
Try not to use any denies. You can use the security tab to view effective permissions to ensure they are what you expect them to be.  Top level only needs to be list folder contents permission
0
 
2_under_parAuthor Commented:
OK.  I removed the deletes, & set List Data / Read Data to Allow.  This folder is not inheriting permissions & not passing permission to child folders.  When logging on as a user, the folder is not visible.  Weird.
0
 
Steven WellsSystems AdministratorCommented:
You must at least have list otherwise folder won't be viewable by user.  This is called access based enumeration.
0
 
2_under_parAuthor Commented:
0
 
Steven WellsSystems AdministratorCommented:
Hi,These are templates?  Can you show me what it looks like in the real world? Also show me the advanced tab too?
0
 
2_under_parAuthor Commented:
No, sorry, the name of the top level folder is "Template".  I was hoping this folder could be used going forward as a client folder, where the permissions would be the same for every client.  They would just copy the "Template" folder & rename it to the Client name.
0
 
Steven WellsSystems AdministratorCommented:
Ok. That is fine. I think you should be ok. however I suspect the administrator would need to create and edit permissions for all top level folders, as if you just create a new folder, it will inherit permission from the folder above it.

ie, create a new folder with the client name

set the permission not to inherit.

Apply explicit permissions for this folder, but not sub folders

then you can adjust permissions below.

It may not be exactly what you are after but that is how NTFS permissions work.
0
 
2_under_parAuthor Commented:
I didn't initially get this to work, because I wasn't applying it to the root folder.  (The one I shared)
0

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

  • 5
  • 5
Tackle projects and never again get stuck behind a technical roadblock.
Join Now