file permissions validation

Someone changes folder names which caused users to not be able to find their folders/files
the change was made at the root of T:\\deptfiles location.
I tried trying change permissions on group everyone to read only, but then users couldn't make any changes to any of their files.
I'm thinking that Authenicated users group, needs to have modify attribute removed, but I wanted someone to verify that it won't restrict users access to modify their files.  At the same time I can't have users change file names on root folders under Deptfiles either.
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Mark BillExchange, AD, SQL, VMware, HPE, 3PAR, FUD, Anti MS Tekhnet, Pro EE, #1Commented:
set the permissions in right click -> properties -> security -> advanced

in here there are more options and it will be easier for you to remove write.

if authenticated users has this permission assigned to it and you have for example a group with some users in it assigned different permissions, the least restrictive will apply here.

just play around with it and test it out.
jim3725Author Commented:
I am unsure on whether or not to replace all inheritable permissons on this check box or not,
Mark BillExchange, AD, SQL, VMware, HPE, 3PAR, FUD, Anti MS Tekhnet, Pro EE, #1Commented:
it depends, this tickbox means do you want to remove the permissions from above folder, always use advanced permissions manager gives you more control, you will get used to it.

for example if i had share 1 and 5 folders inside share 1 and 5 sub folders inside 5 folders, from top level share i have a group assigned full control, this is fine for me, but in folder 5 i want the sub folders to have a completely different set of permisssions so i would go to folder 5 right click properties advanced and use this tickbox in this instance, it locks this folder and below folders off from the permissions above.
Big Business Goals? Which KPIs Will Help You

The most successful MSPs rely on metrics – known as key performance indicators (KPIs) – for making informed decisions that help their businesses thrive, rather than just survive. This eBook provides an overview of the most important KPIs used by top MSPs.

jim3725Author Commented:
Presently the authenticated users at the deptfiles is at the top of the tree. Since authenticated users have these permissions, then they pass down to the inheritable folders. Whatever change I make on authenticated users, will affect the entire file structure. If I don't use the check box to replace all inheritable permissions, then will it still change the permissions on the subfolders.  I want to minimize impact.
Mark BillExchange, AD, SQL, VMware, HPE, 3PAR, FUD, Anti MS Tekhnet, Pro EE, #1Commented:
there are two checkboxes

1. remove inheritable permissions or something like that - i explained this one above

2. replace all child permissions or something like that - this one pushes the permissions down to all sub folders and files from the point its set

3. authenticated users is a group that includes all users and objects in AD.

using my example above, i could set different permissions for folder 5 using the remove inheritable checkbox.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
jim3725Author Commented:
I wanted to only remove authenticated users on a subfolder that was inherited from parent.
That way I can test this with on separate subfolders.  I am attaching a printscreen on my question
jim3725Author Commented:
I am not sure if I do a remove of all inheritable positions , on each folder, then only that groups defined
Mark BillExchange, AD, SQL, VMware, HPE, 3PAR, FUD, Anti MS Tekhnet, Pro EE, #1Commented:
I don't open files on here as I'm usually on smart phone or work pc.

you can make this change no problems. it affects only this and below folders and files. just get stuck into it have to break eggs to make an omelette.
jim3725Author Commented:
I am removing the inherited permissions, and also checking on any shares that may have access within the folder structure, to give permissions.  Having inherited permissions is definitely a security risk.
jim3725Author Commented:
confirmation on removing inheritable permissions lessen my stress :-)
Mark BillExchange, AD, SQL, VMware, HPE, 3PAR, FUD, Anti MS Tekhnet, Pro EE, #1Commented:
no its not, it depends on the share.

this is how i do it and i work for a PCI compliant company atm.

5 Drives(by drive i mean share) - All setup through group policy preferences with AD security groups.
Drive1 - contains operation data pretty much open access from top to bottom for the operations security group.
Drive2 - contains IT data pretty much open access bar several folders which are inherited unticked.
Drive3 - Finance and HR1 very tight security on this drive locked down to the security group for access and ntfs permissions.
Drive4 - Same as drive 3. Management drive.

What I did here is I segregate all the important data into one or two tightly locked down drives.
Just to give you an idea of how i did it, I have a group policy windows 2008 R2 that automatically maps drives at logon for users(no logon scripts) if they are a member of security groups.

How I set our few folders with custom access, untick inheritable permissions. I started at the very top in computer management permissions of the share advanced, set my permissions for the drive and did replace all child objects text box. so i have no restricted folders when i do this, one share same permissions top to bottom but then i go and select the folders to lock off and untick inheritable permissions and set the permissions again as i want them.

sorry for being terrible at explaining them things.
Mark BillExchange, AD, SQL, VMware, HPE, 3PAR, FUD, Anti MS Tekhnet, Pro EE, #1Commented:
nice job buddy, tyy
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.