Solved

Define advanced permission for folders

Posted on 2015-01-27
7
74 Views
Last Modified: 2015-02-11
Hi folks!

My question is this:

What permissions should be given to the folder and files contained in it,

to allow users to see, run, modify and update the files in the folder, but they could not

erase files and sub-folders or move them to another location?
0
Comment
Question by:nesher13
7 Comments
 
LVL 23

Expert Comment

by:NVIT
ID: 40572225
I think the modify right presumes the erase right, also.
0
 
LVL 19

Expert Comment

by:helpfinder
ID: 40572232
right click to folder>Properties>Security tab>Advanced>change permissions>choose User/Group>click Edit>Deny Delete and Delete subfolders and files
use this for user(s) or group(s) you want to restrict acces
0
 

Author Comment

by:nesher13
ID: 40572240
NewVillageIT,

first of all thank you very much for the quick response

is it possible to specify in more detail?
Ideally I would like to get a picture of the screen
0
Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 78

Expert Comment

by:David Johnson, CD, MVP
ID: 40572350
modify implies delete.
0
 
LVL 24

Expert Comment

by:VB ITS
ID: 40572411
I played around with this idea a while back and came to the conclusion that whilst it is definitely possible with some file types, it just wasn't practical enough for my clients as it introduced one major hurdle (which I will mention below). Either way, if you're interested to test for yourself you can follow the below steps:

- Right click on the folder in question then click on Properties
- Click on the Security tab then click Advanced
- Click Edit to allow you to make changes to the Include inheritable permissions from this object's parent box as it should be greyed out thanks to UAC
- Once you've clicked Edit, you should be able to untick the Include inheritable permissions from this object's parent box
- Click Copy when prompted
- Now highlight the user or security group containing your users that you do not want deleting files/folders then click on Edit
- Tick the following boxes in the Deny column:
- Delete subfolders and files
- Delete
Modify-without-Delete.png- Make sure the Full control, Change permissions and Take ownership boxes are all left unticked in the Allow column
- OK your way out when done

Now the problem with the above is that it will introduce one major issue - your users won't be able to edit existing Office documents (e.g. Word, Excel, PowerPoint, etc.). They will be prompted to save the document with another file name each time they modify a file. Obviously this is not ideal and annoyed the heck out of my clients who wanted to implement this sort of thing.

If you don't want users accidentally deleting a file/folder then enable auditing and then have management give them a stern warning each time files/folders go missing. They'll eventually learn.
0
 

Author Comment

by:nesher13
ID: 40572439
David Johnson,

I think that the basic permission is a combination of
special (granular) permissions and therefore I need solution with the granular permissions
0
 
LVL 35

Accepted Solution

by:
Mahesh earned 500 total points
ID: 40573493
Once you provide modify rights, users would be able to move \ delete files and folder in addition to movement
Whatever you looking for, will get this functionality with some limitations
You cannot rename files and folders unless you provide delete permissions
For Example users will not be able to rename files and folders once created in shared folder, if you want to create folder \ file with custom name, you need to 1st create it on desktop and then need to copy at share location, however once files get created you can modify files contents and save again.

If you grant users modify permissions, you can restrict them to delete folder itself, this can be achieved by granting explicit deny delete permissions to authenticated users on folder advanced permissions with applies to This folder only
For that U need to add required user \ group explicitly on advanced tab
It should look like below
Deny DeleteCheck below articles for more information
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Windows_Server_2008/Q_28493997.html
0

Featured Post

The curse of the end user strikes again      

You’ve updated all your end user’s email signatures. Hooray! But guess what? They’re playing around with the HTML, adding stupid taglines and ruining the imagery. Find out how you can save your signatures from end users today.

Join & Write a Comment

New Windows 7 Installations take days for Windows-Updates to show up and install. This can easily be fixed. I have finally decided to write an article because this seems to get asked several times a day lately. This Article and the Links apply to…
PRTG Network Monitor lets you monitor your bandwidth usage, so you know who is using up your bandwidth, and what they're using it for.
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now