Solved

Define advanced permission for folders

Posted on 2015-01-27
7
78 Views
Last Modified: 2015-02-11
Hi folks!

My question is this:

What permissions should be given to the folder and files contained in it,

to allow users to see, run, modify and update the files in the folder, but they could not

erase files and sub-folders or move them to another location?
0
Comment
Question by:nesher13
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 24

Expert Comment

by:NVIT
ID: 40572225
I think the modify right presumes the erase right, also.
0
 
LVL 19

Expert Comment

by:helpfinder
ID: 40572232
right click to folder>Properties>Security tab>Advanced>change permissions>choose User/Group>click Edit>Deny Delete and Delete subfolders and files
use this for user(s) or group(s) you want to restrict acces
0
 

Author Comment

by:nesher13
ID: 40572240
NewVillageIT,

first of all thank you very much for the quick response

is it possible to specify in more detail?
Ideally I would like to get a picture of the screen
0
Instantly Create Instructional Tutorials

Contextual Guidance at the moment of need helps your employees adopt to new software or processes instantly. Boost knowledge retention and employee engagement step-by-step with one easy solution.

 
LVL 81

Expert Comment

by:David Johnson, CD, MVP
ID: 40572350
modify implies delete.
0
 
LVL 24

Expert Comment

by:VB ITS
ID: 40572411
I played around with this idea a while back and came to the conclusion that whilst it is definitely possible with some file types, it just wasn't practical enough for my clients as it introduced one major hurdle (which I will mention below). Either way, if you're interested to test for yourself you can follow the below steps:

- Right click on the folder in question then click on Properties
- Click on the Security tab then click Advanced
- Click Edit to allow you to make changes to the Include inheritable permissions from this object's parent box as it should be greyed out thanks to UAC
- Once you've clicked Edit, you should be able to untick the Include inheritable permissions from this object's parent box
- Click Copy when prompted
- Now highlight the user or security group containing your users that you do not want deleting files/folders then click on Edit
- Tick the following boxes in the Deny column:
- Delete subfolders and files
- Delete
Modify-without-Delete.png- Make sure the Full control, Change permissions and Take ownership boxes are all left unticked in the Allow column
- OK your way out when done

Now the problem with the above is that it will introduce one major issue - your users won't be able to edit existing Office documents (e.g. Word, Excel, PowerPoint, etc.). They will be prompted to save the document with another file name each time they modify a file. Obviously this is not ideal and annoyed the heck out of my clients who wanted to implement this sort of thing.

If you don't want users accidentally deleting a file/folder then enable auditing and then have management give them a stern warning each time files/folders go missing. They'll eventually learn.
0
 

Author Comment

by:nesher13
ID: 40572439
David Johnson,

I think that the basic permission is a combination of
special (granular) permissions and therefore I need solution with the granular permissions
0
 
LVL 37

Accepted Solution

by:
Mahesh earned 500 total points
ID: 40573493
Once you provide modify rights, users would be able to move \ delete files and folder in addition to movement
Whatever you looking for, will get this functionality with some limitations
You cannot rename files and folders unless you provide delete permissions
For Example users will not be able to rename files and folders once created in shared folder, if you want to create folder \ file with custom name, you need to 1st create it on desktop and then need to copy at share location, however once files get created you can modify files contents and save again.

If you grant users modify permissions, you can restrict them to delete folder itself, this can be achieved by granting explicit deny delete permissions to authenticated users on folder advanced permissions with applies to This folder only
For that U need to add required user \ group explicitly on advanced tab
It should look like below
Deny DeleteCheck below articles for more information
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Windows_Server_2008/Q_28493997.html
0

Featured Post

Free eBook: Backup on AWS

Everything you need to know about backup and disaster recovery with AWS, for FREE!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When you try to extract and to view the contents of a Microsoft Update Standalone Package (MSU) for Windows Vista, you cannot extract the files from the MSU. Here we are going to explain how to extract those hotfix details without using any third pa…
An introduction to the wonderful sport of Scam Baiting.  Learn how to help fight scammers by beating them at their own game. This great pass time helps the world, while providing an endless source of entertainment. Enjoy!
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…

751 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question