NTFS Special Permission

Hello Expert,
We already have a shared folder on the fileserver called “Marketing”. Inside this “Marketing” shared folder there are lots of other folders, subfolders and files which were already created by some other users. Now I want to add a new user, say test1, to this “Marketing” shared folder.

Test1 user should only have the following permissions:-
1) Read all files which are under the “Marketing” shared folder and under all of the subfolders
2) Create new folders and new files under the “Marketing” shared folder and all of the subfolders
3) Modify the contents of all existing files and save changes into it under the “Marketing” shared folder and all of other subfolders
4) Rename all of the folders, subfolders and files under the “Marketing” shared folder
5) User Test1 should be restricted from deleting any folders, subfolders, files and even the “Marketing” shared folder itself
6) User Test1 should be restricted from taking ownership of any folders, subfolders, files and even the “Marketing” shared folder itself

Expert, can you please tell me what NTFS special permissions I should give to the user test1 to achieve the above abilities?
Steps I already completed are:-
1) Added the user test1 to the shared folder “Marketing”
2) Assigned the Share Permission as:-
Authenticated User = Full Control
3) I am stuck now: what NTFS special permissions should I give next to the user test1?

Regards,
smpvm

JustInCase Commented:
Just remove full control from user test1 for "Marketing" share - and permit everything else. That should be it.
0
Seth Simmons, Sr. Systems Administrator, Commented:
Remove delete and delete subfolders and files (at the folder level) also.
Just removing full control leaves the other check boxes enabled, including delete.
0
smpvm (Author) Commented:
Hello Seth,

You mean give Share Level Permission as:-
Authenticated User = Change and Read

Folder Level Permission, uncheck the following:-
1) Full Control
2) Delete Subfolders and Files
3) Delete
4) Change Permissions
5) Take ownership
0
Mahesh, Architect, Commented:
Points 4 and 5 will not work at the same time in your case:
4) Rename all of the folders, subfolders and files under the “Marketing” shared folder
5) User Test1 should be restricted from deleting any folders, subfolders, files and even the “Marketing” shared folder itself

In order to rename files and folders, the user must have delete permissions on folders and files, otherwise it cannot rename.
Once you grant modify permissions, the user can delete files and folders.
The 6th point is OK: with modify permissions the user cannot take folder ownership, provided that the Creator Owner group is removed from the folder ACL.

To do what you are trying to do, with some limitations:
Grant the Authenticated Users \ Everyone group full control share perms.
On the NTFS ACL, disable inheritance on the root share with the copy option and then remove the Creator Owner group; ensure the Administrators group has full control NTFS perms.
Now add modify permissions for the required user on the folder root.
Now, in order to prevent this user from deleting the Marketing root folder itself, go to the Marketing folder advanced perms and deny delete perms for that user with "this folder only" as the permissions scope.

It should look like below
You need to add that user account twice on the ACL so that one perm will be modify with "this folder, subfolders and files" with allow
AND
another perm will be deny delete with "this folder only".

You may check the best practice for setting up shared folders at the end of the article below.
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Windows_Server_2008/A_17526-NTFS-File-System-Folder-ownership-problems-and-resolution.html
0
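
The ACL layout described in the answer above, written out in PowerShell as an added example that is not part of the original thread or any poster's own code. The share path and account name are assumptions, and the script is assumed to run in an elevated session on the file server.

```powershell
# Added example. $path and $user are placeholder values, not taken from the thread.
$path = 'D:\Shares\Marketing'
$user = 'CONTOSO\test1'

# Well-known SIDs avoid problems with localized group names.
$creatorOwner = New-Object System.Security.Principal.SecurityIdentifier('S-1-3-0')
$admins       = New-Object System.Security.Principal.SecurityIdentifier('S-1-5-32-544')

$inheritAll = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$thisOnly   = [System.Security.AccessControl.InheritanceFlags]::None
$noProp     = [System.Security.AccessControl.PropagationFlags]::None

# Step 1: disable inheritance on the share root and keep a copy of the inherited ACEs.
$acl = Get-Acl -Path $path
$acl.SetAccessRuleProtection($true, $true)
Set-Acl -Path $path -AclObject $acl

# Re-read so the copied ACEs are visible as explicit entries.
$acl = Get-Acl -Path $path

# Step 2: remove CREATOR OWNER, make sure Administrators keep Full Control.
$acl.PurgeAccessRules($creatorOwner)
$acl.AddAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule(
    $admins, 'FullControl', $inheritAll, $noProp, 'Allow')))

# Step 3: Allow Modify for the user on this folder, subfolders and files.
$acl.AddAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule(
    $user, 'Modify', $inheritAll, $noProp, 'Allow')))

# Step 4: Deny Delete for the same user, scoped to this folder only.
$acl.AddAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule(
    $user, 'Delete', $thisOnly, $noProp, 'Deny')))

Set-Acl -Path $path -AclObject $acl

# Check the result: expect two explicit entries for the user,
# Allow Modify (inherited by children) and Deny Delete (this folder only).
(Get-Acl -Path $path).Access |
    Where-Object { $_.IdentityReference.Value -eq $user } |
    Format-Table FileSystemRights, AccessControlType, InheritanceFlags, IsInherited
```

As the answer notes, this protects only the root folder: the Modify entry still includes Delete on everything below it.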

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.