We are migrating some data away from a 2008R2 server and would like to set some folders to read-only. It would have been easier if we could use share permissions, but in this case these are various sub-folders, as opposed to the shared folder. So I am guessing I am looking for a script that blocks inheritance, retains the inherited permissions but changes the group granting RW access to users to only have RO access.
Windows Server 2008
Last Comment
rookie_b
8/22/2022 - Mon
Brian B
It's probably just as easy to change the existing groups to read only and keep inheritance the way it is.
If directory structure is not the usual top down and there are exceptions, next best choice may be to create a specific set of read only groups now and assign them as appropriate.
Steve Knight
You could also take the easier approach of setting file attributes to read only and/or hidden and system if you want to -- after all that is to stop users fiddling with the old folders as opposed to a security concern, i.e.
cd /d X:\somedir
attrib *.* +r /s/d
That will mark all files and folders read only from x:\somedir downwards regardless of NTFS or share permissions. Of course a user that has suitable NTFS permissions can change the attributes back to write but often suitable for stopping normal users and simpler than messing with complicated nested NTFS groups and structures?
Steve
rookie_b
ASKER
Hi Steve, thank you for your response. Would that prevent users from adding new files, or does it only affect existing files?
Ok, so, I tried using attributes, but it only sets it for files in folders, rather than the actual folders. I can still rename files, rename folders, delete files and create new files, so it doesn't work for me.
Thanks Brian, it is definitely good advice. Unfortunately, in our case these are sub-folders of the shared folders, so there are no shares that map directly to the actual sub-folders.
With regards to changing the groups to read only the same applies - the groups are inherited from the higher level shared folders, and there are no groups that only apply to the individual sub-folders, hence we are having to look at blocking inheritance.
In the end we decided to only use share permission at top level folders, and if a set of subfolders absolutely had to be read-only, we'd move them to another location and share that as read-only. It actually turned out to be less hassle than dealing with NTFS permission changes/errors.
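The script the question asks for, as an added example that is not part of any post in this thread: PowerShell that blocks inheritance on one sub-folder, keeps the inherited entries as explicit ones, and downgrades one group to read-only. The folder path and group name are placeholders; run it from an elevated prompt.

```powershell
# Added example. The folder path and group name are placeholders, not values from the thread.
param(
    [string]$Folder = 'D:\Data\Projects\Archive2019',
    [string]$Group  = 'EXAMPLE\Projects-RW'
)

# Step 1: stop inheriting, but copy the inherited ACEs onto the folder as explicit ACEs.
$acl = Get-Acl -Path $Folder
$acl.SetAccessRuleProtection($true, $true)    # isProtected, preserveInheritance
Set-Acl -Path $Folder -AclObject $acl

# Step 2: re-read the ACL. The copied ACEs only become explicit (editable)
# entries once the protected ACL has been written back.
$acl = Get-Acl -Path $Folder
$existing = @($acl.Access | Where-Object { $_.IdentityReference.Value -eq $Group })
if ($existing.Count -eq 0) {
    Write-Warning "No ACE for $Group on $Folder; nothing to downgrade."
    return
}

# Step 3: replace every Allow ACE for the group with one read-only ACE that
# applies to this folder, its subfolders and its files.
$inherit  = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$readOnly = New-Object System.Security.AccessControl.FileSystemAccessRule(
    $Group,
    [System.Security.AccessControl.FileSystemRights]::ReadAndExecute,
    $inherit,
    [System.Security.AccessControl.PropagationFlags]::None,
    [System.Security.AccessControl.AccessControlType]::Allow)
$acl.SetAccessRule($readOnly)    # removes the group's other Allow ACEs, then adds this one
Set-Acl -Path $Folder -AclObject $acl

# Step 4: show what the group ends up with so the change can be checked.
(Get-Acl -Path $Folder).Access |
    Where-Object { $_.IdentityReference.Value -eq $Group } |
    Format-Table IdentityReference, FileSystemRights, AccessControlType, IsInherited -AutoSize
```

Only the named group is downgraded: users who also hold write access through another group's ACE keep it, and child items that already have protected ACLs or their own explicit entries are not changed by this script.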