Folder Permissions on Network Drives?

Status
Not open for further replies.
N

nkarunatilaka

Regarding Network Drives (Mapped Drives) and Folder Permissions on a Network Domain.

Anyways, I was wondering if anyone knew of how to set it up to where users had permissions to create folders/files, write, and read access, but dont have permissions to rename folders, move, and/or delete them.

If there was anyway to do this and you knew, I would appreciate any help.

Currently, we are running our network with Windows 2003 Server, and we do not have a group policy setup.
 
nkarunatilaka said:
Anyways, I was wondering if anyone knew of how to set it up to where users had permissions to create folders/files, write, and read access, but dont have permissions to rename folders, move, and/or delete them.
Click to expand...
Unless update-in-place is implemented, a save (after some edit)
is ususally a delete, create, write sequence and this makes it difficult to
avoid rename/move/delete.

Someone with more XP/Pro or servier 2003 experience might have more insight ...
 
Make them either Power Users or Remote Desktop users, this will give them the access you need. That's what our local domain is set for each user on AD Windows 2003 Server Remote Desktop users. Each should be setup by default when they sign into their system. AD profile roles should be setup for each account or per computer ID. Depending on how you have your domain structured.



Company A AD is different from Company B for Active Directory.
Managed Software
or SMS Package Software
 
Remove the "Everyone" group from the folder security tab option and give the "users" group read and write permission. Then add the "Owner" group and give them modify writes. This will allow users to create folders, but will deny them permission to delete or modify folders they did not create.

Do this at the top-level of the folder structure and apply to all files, folders and sub-folders.
 
mikescorpio81 said:
Remove the "Everyone" group from the folder security tab option and give the "users" group read and write permission. Then add the "Owner" group and give them modify writes. This will allow users to create folders, but will deny them permission to delete or modify folders they did not create.

Do this at the top-level of the folder structure and apply to all files, folders and sub-folders.
Click to expand...
Where you said give the users group Read and Write permission, what about the 'Read and Execute' and the 'List Folder Contents' options?

-Thanks
 
"Read and Execute" is fine. Same thing really ...

You don't really have to go through Advanced security options, but if you are, those options are fine. They will not allow the users to delete and/or modify.

In my last post I should have said CREATOR OWNER group ... sorry about that.
 
Read Only Errors Appeared

Yea so i did all the setting that you told me, once i hit apply, it took some time seeing as how it had to process through 500gb of files.

Neways, for some reason, after the security attributes went through, it modified the folder and all subfolders and files within it to read-only. Everytime i rightclicked and hit properties and tried to change the read-only attribute, it seemed like it work, then I went to properties again it came right back.

After several hours, it appeared that under every subfolder within the parent folder (the folder i modified) it gave the "Domain Users" group (the group I modified) only Read & Execute, List Folder Contents, and Read options. I then had to go through everyfolder and edit the security settings and give them Full Control / Write inorder for the files to not appear as Read-Only on the workstations.

I found that very odd. Just wondering if that is normal... =/

Although these problems arose, I was able to fix it in the end, so no harm done. Except that certain folders wont let me change the security permissions to allow full control/write abilites, eventhough im logged in as the Domain Admin.

Im just afraid that these problems could reappear tomorrow...
 
You should delgate roles and create scope so this type of problem doesn't repeat itself.

Make users member of in AD: xyz-company_folder_access

users:

bsmith
tsmith
rsmith

or computers

wstr10920
 
Are you running SP1 on those workstations or SP2. There was and issue with folders on server with SP1 where the user couldn't do certain task where they could under SP2. I see the MS link talks about that same subject.
 
Playing around with permissions is indeed dangerous, and you should have a good understanding of Microsoft folder security and Active Directory in general.
The first core exam book for Server 2003 (Exam 70-290) has quite alot of information on how to properly configure share and security permissions for users and groups.

Always apply permissions at the top-level of the folder structure, try not to add single users in security settings (groups only, as it can become confusing), understand what groups have what permissions and what permissions allow users and groups to do certain tasks.

Read and execute at the top-level is good for a start, then you can go deeper within the folder structures and assign groups "write" or "modify" permissions (make sure to remove allow inherited permissions ... when configuring a single sub-folder) as users require them.
 
Status
Not open for further replies.

Similar threads

midian182
Insomniac Games hackers leak Wolverine footage, Spider-Man 2 details, 12-year release...
Replies
3
Views
274
Puiu
Puiu
MikeEwins
Unidentified Network
Replies
24
Views
3K
MikeEwins
MikeEwins
AlphaX
Western Digital hopes to release HAMR drives within the next 1.5 years
Replies
2
Views
431
Kashim
K

Latest posts

Back