locked
Folder and Sub Folder Userright Setting Issue RRS feed

  • Question

  • I have problems in setting Folders and Files Security in Window Server 2008.

    Folder Structure:

    A Folder (Sub A, Sub B, Sub C Folder, Files lying outside Sub A, B, C Folder)

    B Folder (Sub A, Sub B, Sub C Folder, Files lying outside Sub A, B, C Folder)

    C Folder (Sub A, Sub B, Sub C Folder, Files lying outside Sub A, B, C Folder)

    D Folder (Sub A, Sub B, Sub C Folder, Files lying outside Sub A, B, C Folder)

    .... etc

    What our company need to do:

    1, Not allow Staff to Delete files but staff can create a file and save

    2. Staff are allowed to Save As the file to another document (a new file with new filename) in the server

    3. Staff are allowed to Move files inside the sub folder e.g. from Files Lying outside Sub A,B,C Folders into Sub A Folder

    4. Staff are allowed to replace a file (same filename)

    How can i set in the above folder security? Currently I am able to set only 1... but not 2,3,4...

    Thanks!

    Wednesday, March 14, 2012 10:10 AM

Answers

  • Hi,

    Thank you for the post.

    To set users no delete file permission:

    1. Grant Full Control share permission for users on share folder, set NTFS permission(folder security tab) to grant users all permissions except Full control and Special permissions.
    2. Click Advanced, double click the users permission entries, grant deny(checked deny) permission to Delete subfolders and files and Delete permission.

    With this settings, you could achieve goal 1, 2, 4, not 3. Move file operation include create and delete permission.

    Another method is to not grant(un-checked allow) users delete permissions instead of grant deny permission on them. With this settings, the file owner could move/delete the file which the owner created.

    http://support.microsoft.com/default.aspx?scid=kb;en-us;Q308419
    http://technet.microsoft.com/en-us/library/cc781374(WS.10).aspx

    If there are more inquiries on this issue, please feel free to let us know.

    Regards


    Rick Tan

    TechNet Community Support



    • Edited by Rick Tan Thursday, March 15, 2012 7:15 AM
    • Marked as answer by Rick Tan Wednesday, March 21, 2012 6:06 AM
    Thursday, March 15, 2012 6:57 AM

All replies

  • Hi,

    Thank you for the post.

    To set users no delete file permission:

    1. Grant Full Control share permission for users on share folder, set NTFS permission(folder security tab) to grant users all permissions except Full control and Special permissions.
    2. Click Advanced, double click the users permission entries, grant deny(checked deny) permission to Delete subfolders and files and Delete permission.

    With this settings, you could achieve goal 1, 2, 4, not 3. Move file operation include create and delete permission.

    Another method is to not grant(un-checked allow) users delete permissions instead of grant deny permission on them. With this settings, the file owner could move/delete the file which the owner created.

    http://support.microsoft.com/default.aspx?scid=kb;en-us;Q308419
    http://technet.microsoft.com/en-us/library/cc781374(WS.10).aspx

    If there are more inquiries on this issue, please feel free to let us know.

    Regards


    Rick Tan

    TechNet Community Support



    • Edited by Rick Tan Thursday, March 15, 2012 7:15 AM
    • Marked as answer by Rick Tan Wednesday, March 21, 2012 6:06 AM
    Thursday, March 15, 2012 6:57 AM
  • Hi, Rick.

    Follow your suggestions below:

    To set users no delete file permission:

    1. Grant Full Control share permission for users on share folder, set NTFS permission(folder security tab) to grant users all permissions except Full control and Special permissions.
    2. Click Advanced, double click the users permission entries, grant deny(checked deny) permission toDelete subfolders and files and Delete permission.

    With this settings, you could achieve goal 1, 2, 4, not 3. Move file operation include create and delete permission.

    Seems cannot still, can you do a print screen to illustrate?

    Many thanks!

    Wednesday, April 11, 2012 8:46 AM
  • Thursday, April 12, 2012 3:39 AM
  • Thanks Rick

    I set in server, however, there only have the step from step 3 that i can modify. where i can set step 1 and 2

    Thursday, April 12, 2012 3:58 AM
  • Hi,

    1.Disable share wizard: Windows explorer--Tool menu--Folder Options--View tab--Clear Use Sharing Wizard checkbox
    2.Set share permission: right click your share folder--Properties--Sharing tab--Advanced Sharing--Checked Share this folder, click Permission--Select Full Control--Click Apply
    3.Set NTFS permission to team1
    4.Set deny permission to team1
    5.Verify subfolder A inherit two team1 permission

    Regards


    Rick Tan

    TechNet Community Support

    Thursday, April 12, 2012 5:39 AM