Solved

Define advanced permission for folders

Posted on 2015-01-27
7
76 Views
Last Modified: 2015-02-11
Hi folks!

My question is this:

What permissions should be given to the folder and files contained in it,

to allow users to see, run, modify and update the files in the folder, but they could not

erase files and sub-folders or move them to another location?
0
Comment
Question by:nesher13
7 Comments
 
LVL 24

Expert Comment

by:NVIT
ID: 40572225
I think the modify right presumes the erase right, also.
0
 
LVL 19

Expert Comment

by:helpfinder
ID: 40572232
right click to folder>Properties>Security tab>Advanced>change permissions>choose User/Group>click Edit>Deny Delete and Delete subfolders and files
use this for user(s) or group(s) you want to restrict acces
0
 

Author Comment

by:nesher13
ID: 40572240
NewVillageIT,

first of all thank you very much for the quick response

is it possible to specify in more detail?
Ideally I would like to get a picture of the screen
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 
LVL 79

Expert Comment

by:David Johnson, CD, MVP
ID: 40572350
modify implies delete.
0
 
LVL 24

Expert Comment

by:VB ITS
ID: 40572411
I played around with this idea a while back and came to the conclusion that whilst it is definitely possible with some file types, it just wasn't practical enough for my clients as it introduced one major hurdle (which I will mention below). Either way, if you're interested to test for yourself you can follow the below steps:

- Right click on the folder in question then click on Properties
- Click on the Security tab then click Advanced
- Click Edit to allow you to make changes to the Include inheritable permissions from this object's parent box as it should be greyed out thanks to UAC
- Once you've clicked Edit, you should be able to untick the Include inheritable permissions from this object's parent box
- Click Copy when prompted
- Now highlight the user or security group containing your users that you do not want deleting files/folders then click on Edit
- Tick the following boxes in the Deny column:
- Delete subfolders and files
- Delete
Modify-without-Delete.png- Make sure the Full control, Change permissions and Take ownership boxes are all left unticked in the Allow column
- OK your way out when done

Now the problem with the above is that it will introduce one major issue - your users won't be able to edit existing Office documents (e.g. Word, Excel, PowerPoint, etc.). They will be prompted to save the document with another file name each time they modify a file. Obviously this is not ideal and annoyed the heck out of my clients who wanted to implement this sort of thing.

If you don't want users accidentally deleting a file/folder then enable auditing and then have management give them a stern warning each time files/folders go missing. They'll eventually learn.
0
 

Author Comment

by:nesher13
ID: 40572439
David Johnson,

I think that the basic permission is a combination of
special (granular) permissions and therefore I need solution with the granular permissions
0
 
LVL 36

Accepted Solution

by:
Mahesh earned 500 total points
ID: 40573493
Once you provide modify rights, users would be able to move \ delete files and folder in addition to movement
Whatever you looking for, will get this functionality with some limitations
You cannot rename files and folders unless you provide delete permissions
For Example users will not be able to rename files and folders once created in shared folder, if you want to create folder \ file with custom name, you need to 1st create it on desktop and then need to copy at share location, however once files get created you can modify files contents and save again.

If you grant users modify permissions, you can restrict them to delete folder itself, this can be achieved by granting explicit deny delete permissions to authenticated users on folder advanced permissions with applies to This folder only
For that U need to add required user \ group explicitly on advanced tab
It should look like below
Deny DeleteCheck below articles for more information
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Windows_Server_2008/Q_28493997.html
0

Featured Post

VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

When you start your Windows 10 PC and got an "Operating system not found" error or just saw  "Auto repair for startup" or a blinking cursor with black screen. A loop for Auto repair will start but fix nothing.  You will be panic as there are no back…
I had an issue with InstallShield not being able to use Computer Browser service on Windows Server 2012. Here is the solution I found.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question