1. TechSpot is dedicated to computer enthusiasts and power users. Ask a question and give support. Join the community here.
    TechSpot is dedicated to computer enthusiasts and power users.
    Ask a question and give support.
    Join the community here, it only takes a minute.
    Dismiss Notice

Folder Permissions on Network Drives?

By nkarunatilaka ยท 10 replies
Mar 5, 2007
  1. Regarding Network Drives (Mapped Drives) and Folder Permissions on a Network Domain.

    Anyways, I was wondering if anyone knew of how to set it up to where users had permissions to create folders/files, write, and read access, but dont have permissions to rename folders, move, and/or delete them.

    If there was anyway to do this and you knew, I would appreciate any help.

    Currently, we are running our network with Windows 2003 Server, and we do not have a group policy setup.
  2. jobeard

    jobeard TS Ambassador Posts: 10,432   +801

    Unless update-in-place is implemented, a save (after some edit)
    is ususally a delete, create, write sequence and this makes it difficult to
    avoid rename/move/delete.

    Someone with more XP/Pro or servier 2003 experience might have more insight ...
  3. tipstir

    tipstir TS Ambassador Posts: 2,425   +112

    Make them either Power Users or Remote Desktop users, this will give them the access you need. That's what our local domain is set for each user on AD Windows 2003 Server Remote Desktop users. Each should be setup by default when they sign into their system. AD profile roles should be setup for each account or per computer ID. Depending on how you have your domain structured.

    Company A AD is different from Company B for Active Directory.
    Managed Software
    or SMS Package Software
  4. mikescorpio81

    mikescorpio81 TS Rookie Posts: 293

    Remove the "Everyone" group from the folder security tab option and give the "users" group read and write permission. Then add the "Owner" group and give them modify writes. This will allow users to create folders, but will deny them permission to delete or modify folders they did not create.

    Do this at the top-level of the folder structure and apply to all files, folders and sub-folders.
  5. nkarunatilaka

    nkarunatilaka TS Rookie Topic Starter

    Where you said give the users group Read and Write permission, what about the 'Read and Execute' and the 'List Folder Contents' options?

  6. mikescorpio81

    mikescorpio81 TS Rookie Posts: 293

    "Read and Execute" is fine. Same thing really ...

    You don't really have to go through Advanced security options, but if you are, those options are fine. They will not allow the users to delete and/or modify.

    In my last post I should have said CREATOR OWNER group ... sorry about that.
  7. nkarunatilaka

    nkarunatilaka TS Rookie Topic Starter

    Read Only Errors Appeared

    Yea so i did all the setting that you told me, once i hit apply, it took some time seeing as how it had to process through 500gb of files.

    Neways, for some reason, after the security attributes went through, it modified the folder and all subfolders and files within it to read-only. Everytime i rightclicked and hit properties and tried to change the read-only attribute, it seemed like it work, then I went to properties again it came right back.

    After several hours, it appeared that under every subfolder within the parent folder (the folder i modified) it gave the "Domain Users" group (the group I modified) only Read & Execute, List Folder Contents, and Read options. I then had to go through everyfolder and edit the security settings and give them Full Control / Write inorder for the files to not appear as Read-Only on the workstations.

    I found that very odd. Just wondering if that is normal... =/

    Although these problems arose, I was able to fix it in the end, so no harm done. Except that certain folders wont let me change the security permissions to allow full control/write abilites, eventhough im logged in as the Domain Admin.

    Im just afraid that these problems could reappear tomorrow...
  8. tipstir

    tipstir TS Ambassador Posts: 2,425   +112

    You should delgate roles and create scope so this type of problem doesn't repeat itself.

    Make users member of in AD: xyz-company_folder_access



    or computers

  9. nkarunatilaka

    nkarunatilaka TS Rookie Topic Starter

  10. tipstir

    tipstir TS Ambassador Posts: 2,425   +112

    Are you running SP1 on those workstations or SP2. There was and issue with folders on server with SP1 where the user couldn't do certain task where they could under SP2. I see the MS link talks about that same subject.
  11. mikescorpio81

    mikescorpio81 TS Rookie Posts: 293

    Playing around with permissions is indeed dangerous, and you should have a good understanding of Microsoft folder security and Active Directory in general.
    The first core exam book for Server 2003 (Exam 70-290) has quite alot of information on how to properly configure share and security permissions for users and groups.

    Always apply permissions at the top-level of the folder structure, try not to add single users in security settings (groups only, as it can become confusing), understand what groups have what permissions and what permissions allow users and groups to do certain tasks.

    Read and execute at the top-level is good for a start, then you can go deeper within the folder structures and assign groups "write" or "modify" permissions (make sure to remove allow inherited permissions ... when configuring a single sub-folder) as users require them.
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...