asked on Folder permissions on server 2012
Dear All
I am struggling with folder permissions on server 2012, and would like some help with the following please.
I have a route folder called UMA, under that I have various sub folders like IT, HR, Business Development and so on. I have created the users and groups by department and would like to achieve the following:
1. All groups to be able to see the UAM share and sub folders within UMA
2. All groups should not be able to add any extra folders to the main UMA folder (root).
3. Only groups that the system administrator add to the each sub folders should be accessible by that one group.
4. Once that group has access to their corresponding folder they should be able to add folders but not be able to delete but can delete file with any sub folder.
![permissions]()
I hope that explain my situation and is following best practice but if not I would be happy to take advice.
Many thank in advance.
Alex
I am struggling with folder permissions on server 2012, and would like some help with the following please.
I have a route folder called UMA, under that I have various sub folders like IT, HR, Business Development and so on. I have created the users and groups by department and would like to achieve the following:
1. All groups to be able to see the UAM share and sub folders within UMA
2. All groups should not be able to add any extra folders to the main UMA folder (root).
3. Only groups that the system administrator add to the each sub folders should be accessible by that one group.
4. Once that group has access to their corresponding folder they should be able to add folders but not be able to delete but can delete file with any sub folder.
I hope that explain my situation and is following best practice but if not I would be happy to take advice.
Many thank in advance.
Alex
Windows Server 2012Active DirectoryMicrosoft Legacy OS
Last Comment
Will Szymkowski
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
My own opinion do not use deny. it is the most restrictive permission and not a good practice. Create multiple ACL permissions using the "Applys To" selection.
Will.
Will.
ASKER
How can I hire an expert? Just finding this very hard to be honest.
I am reachable if needed.
Will.
Will.
Let's start with the UMA folder.
![Open the folder properties.]()
![Click on the 'Security' tab and choose 'Advanced'.]()
![Select 'Disable inheritance'.]()
![Capture.JPG]()
![Results in no inheritance.]()
![Capture.JPG]()
![Example read-only access settings.]()
NOTE: The 'Applies to' drop-down settings.
![Capture.JPG]()
![Capture.JPG]()
Let me know what you have these steps completed and we will continue to the next batch of steps.
-saige-
1. Disable inheritance.
2. Remove all permissions with exception to those assigned SYSTEM, CREATOR OWNER and Administrators.
3. Add the groups that you want to have read level access and the groups that you want to have Full control access (personally, I would realistically think about providing Read-Access to Authenticated Users).
NOTE: The 'Applies to' drop-down settings.
4. After adding all of the root level permissions, select the '[b]Replace all child object permission entries with inheritable permission entries from this object[/b]' and press Apply.
Let me know what you have these steps completed and we will continue to the next batch of steps.-saige-
Agreed with Will you do not want to Deny permissions.
-saige-
-saige-
ASKER
Will how do I reach you, would love a team viewer and Skype session on this if at all possible. What is you availability? Where are you based? What would the fee be and how do I pay you?
Please you the messaging system outside of the question. I have sent you a message.
Will.
Will.
1. Right-click the UAM folder >properties>security tab >click advanced Now take a screenshot of what you have in there.
2. Click change permissions, uncheck Include inheritable permissions from this object's parents
3. Add all the groups that need to see the UAM folder and for each group click edit and give them list folder/read data "allow"
Give SYSTEM "full control", Give your "system Administrator user or group" full control
4. For each folder for your specific groups you will do steps 1 and 2 and 3, but for the corresponding groups to their folders you will highlight the group click edit and
list folder/read data allow
create folders/append data allow
create files/ write data allow
delete subfolders and files allow
Delete deny
You can pretty much customize it to your liking in this section.