NTFS permissions on file server

C

ciggwin

Supreme [H]ardness
Joined
May 30, 2006
Messages
4,861
I've been trying to figure this out for a few hours now and I can't get it right. HELP!

My file server has the following setup...

_DATASHARE
_ _ folder 1
_ _ _ a
_ _ _ b
_ _ _ c
_ _ folder 2
_ _ _ a
_ _ _ b
_ _ _ c
etc.

I do not want people to be able to delete or move folder 1 or folder 2. That is essentially the root of the server.
I also do not want them to be able to delete or move folders a, b, c, etc.
However they should have full modify access to subfolders of a, b, c, etc.

How do I accomplish this goal? Do I need to set the permissions individually on each folder? *yuck* - I am hoping that I can set something up with inheritance.

I have almost figured it out by using the "Apply only to ... within this container only" option but I am not sure that is what I want here.

Thanks :)


 
Unfortunately because you want the top level folders to remain untouched, but their contents modifiable you are going to have to manually set each folder's permissions otherwise all the files in sub-folders A B C will also have the same lack of move or delete permissions.
 
Hmm ok... would I be able to lock down the DATASTORE so at least the folders in that folder (folder 1, folder 2) could not be moved/deleted, but the subfolders of folder 1, folder 2 could be modified?

If I am understanding this correctly, I would then have to set individual permissions on folder 1, folder 2, etc. to apply to "This folder, subfolders and files" or "Subfolders and files only"?

 
Your best bet I think is to,

DATASTORE - |You - Full Control| |Everyone - Special Permissions - Traverse Folders - List Content|
FOLDER 1 - Inherit Permission from DATASTORE
A - Inherit Permission from FOLDER 1
B - Inherit Permission from FOLDER 1
C - Inherit Permission from FOLDER 1

Initially this will create it so you have full access and everyone else can trasverse folders and view subfolders and files. They will not be able to read, write, execute, delete etc.

Then I would use XCALCS (http://support.microsoft.com/kb/825751) to give other users access to the folder they need. For example

xcacls.vbs c:\DATASTORE\FOLDER 1\A /g "User1":xmlrw /f /t /e

Will give User1 read, write, list, modify and execute permssion to folder A and anything in it. But they will not be able to delete.
 
You must log in or register to reply here.
Back
Top