Re: NTFS Permissions Issue (Locking Down a Top-Level data folders)




Hello Adrian

I'm in the same situation. Is there a better solution?

Regards,

On 23 Nov., 08:20, VFR <paech.adr...@xxxxxxxxxxxxxxxx> wrote:
Hello,
I am having an issue with configuring NTFS permissions and I'm
struggling to find an appropriate solution.

My issue is regarding the management of top-level folder permissions.
My goal is to prevent end-users from deleting, moving and/or renaming
"top-level" folders while still allowing them to traverse, create, delete and modify the files and folders below the top-level folder.

Example Structure:

Drive: X
-> TL-Folder-A
   -> 2ND-Level-Folder-A
      -> 3RD-Level-Folder-A
         -> FileX
         -> FileY
      -> 3RD-Level-Folder-B
      -> 3RD-Level-Folder-C
      -> 3RD-Level-Folder-D
   -> 2ND-Level-Folder-B
   -> 2ND-Level-Folder-C
-> TL-Folder-B
-> TL-Folder-C

There are two solutions I have attempted so far:

SOLUTION 1:

1. Grant the appropriate group "Modify" permissions (Scope: This Folder, Subfolders and files) to the Top-Level folder (e.g.: TL-Folder-A).
2. Navigate to the "Advanced" permission options.
3. Uncheck the "Delete" option under the advanced permissions.
4. Check the "Delete Subfolders and Files" option under the advanced
permissions.

This actually works pretty well.
It allows users to create, delete and modify files and folders below
the TL Folder, but not delete the TL Folder itself.
This is great except end-users can still move and/or rename the folder.
I would like to prevent this if possible.

SOLUTION 2:

1. Grant the appropriate group "Modify" permissions (Scope: Subfolders
and files only) to the Top-Level folder.
2. Grant the appropriate group "Read & Execute" permissions (Scope:
This Folder only) to the Top-Level folder.

This link "http://www.webservertalk.com/archive93-2006-2-1387534.html"
(Post 3) provides a slightly different explanation of the same solution...

Unfortunately this does not achieve what I want at all.
If we apply this solution to "TL-Folder-A" using the "Example
Structure" above, the following occurs:

"TL-Folder-A" Cannot be modified, moved or deleted by the user
(fantastic, exactly what I want)
Users can list and read all data below "TL-Folder-A". (great)
Users ---"CANNOT"--- modify and/or create sub folders and files under
"TL-Folder-A" (NOT GOOD, I need users to have these rights)
However, users ---"CAN"--- create, modify and delete subfolders and
files under "2ND-Level-Folder-A", "2ND-Level-Folder-B", "2ND-Level-Folder-C" and at lower levels.

So as you can see, both solutions almost work, but not quite...

----
Also I am NOT willing to block inheritance as a solution.
Blocking inheritance is a sloppy way of managing permissions as it
makes it very difficult to complete system wide changes (e.g.:
granting a new group access to data across an entire folder
structure).

Hopefully some smart person out there can help me out.
I have been looking into this for some time and it's really bugging me.

Thanks in advance!
Regards,
Adrian
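
The two permission layouts described in the quoted post, written out as explicit ACEs so the scope of each entry is visible (an added example, not part of the thread). The group name, the path and the use of Get-Acl/Set-Acl instead of the Security tab are assumptions.

```powershell
# Added example, not from the thread. $Path and $Group are placeholders.
$Path  = 'X:\TL-Folder-A'
$Group = 'EXAMPLE\DataUsers'      # hypothetical group name

# Build one Allow ACE; the strings are converted to the .NET enums
# FileSystemRights, InheritanceFlags, PropagationFlags, AccessControlType.
function New-Ace([string]$Rights, [string]$Inherit, [string]$Propagate) {
    New-Object System.Security.AccessControl.FileSystemAccessRule `
        -ArgumentList $Group, $Rights, $Inherit, $Propagate, 'Allow'
}

# SOLUTION 1: "Modify" with Delete unchecked and "Delete Subfolders and
# Files" checked, scope "This folder, subfolders and files".
# Modify without Delete is ReadAndExecute + Write.
$solution1 = @(
    New-Ace 'ReadAndExecute, Write, DeleteSubdirectoriesAndFiles' `
            'ContainerInherit, ObjectInherit' 'None'
)

# SOLUTION 2: Modify on "Subfolders and files only" (InheritOnly) plus
# Read & Execute on "This folder only" (no inheritance flags).
# The InheritOnly ACE does not apply to TL-Folder-A itself, so the group's
# rights on that folder are Read & Execute only. Creating an item directly
# under a folder needs CreateFiles/CreateDirectories (part of Write) on that
# folder, which matches the behaviour reported in the post.
$solution2 = @(
    New-Ace 'Modify' 'ContainerInherit, ObjectInherit' 'InheritOnly'
    New-Ace 'ReadAndExecute' 'None' 'None'
)

# Replace the group's explicit ACEs on $Path with one layout.
# Inherited ACEs are left alone; inheritance is not blocked.
function Set-Layout($Aces) {
    $acl = Get-Acl -LiteralPath $Path
    $acl.PurgeAccessRules([System.Security.Principal.NTAccount]$Group)
    foreach ($ace in $Aces) { $acl.AddAccessRule($ace) }
    Set-Acl -LiteralPath $Path -AclObject $acl -WhatIf   # drop -WhatIf to apply
}

# Review the entries before applying either layout.
$solution1 + $solution2 |
    Format-Table FileSystemRights, InheritanceFlags, PropagationFlags -AutoSize

Set-Layout $solution1
```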
