Re: Folder Creation Rights

---

• From: "Ace Fekay [MVP]" <PleaseAskMe@xxxxxxxxxxxxxx>
• Date: Wed, 16 Apr 2008 19:08:57 -0400

---

In news:vaqc045as35hhvbo7fibrmn0q4081cb29i@xxxxxxx,
George <George@yahoo##.com> typed:

Hello,

Is it possible to allow all domain users access to all files and
folders on a certain share, yet prevent users (except one) from create
new folders and sub folders? O/S is Windows 2003.

Thank you,
George

Yes. Simply share the folder with the following perms:

Share perms:
Authenticated Users = C
Domain Admins = FC

NTFS perms:
Authenticated Users = R
Group1Modify = M (that can perform what you are asking)
Group2ReadOnly = R (that can't)

If you want Group2ReadOnly to be able to change files but not create sub
folders, don't add them in the DACL (Discretionary Access Control List)
because that is a standard set of combined permissions, but rather click on
Advanced and add the group in the Advanced ACL (Access Control List) and
select the group, click Edit to get in the ACEs (Access Control Entries),
and specify specifically the perms you want to allow for this object, child
objects, this object only, etc.

Windows Security News: Learning Guide: Access control
http://searchwindowssecurity.techtarget.com/news/article/0,289142,sid45_gci1025004,00.html

Understanding Windows NTFS Permissions
http://www.windowsecurity.com/articles/Understanding-Windows-NTFS-Permissions.html

--
Regards,
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT,
MVP Microsoft MVP - Directory Services
Microsoft Certified Trainer

For urgent issues, you may want to contact Microsoft PSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Infinite Diversities in Infinite Combinations


.

---

• Follow-Ups:
  • Re: Folder Creation Rights
    • From: George

• References:
  • Folder Creation Rights
    • From: George

• Prev by Date: Re: permissions
• Next by Date: Re: Blank Desktop no Task manager
• Previous by thread: Folder Creation Rights
• Next by thread: Re: Folder Creation Rights
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Folder Creation Rights ... Is it possible to allow all domain users access to all files and ... folders on a certain share, yet prevent users from create ... Simply share the folder with the following perms: ... don't add them in the DACL (Discretionary Access Control List) ... (microsoft.public.windows.server.general) CACLS ... folders within the sharepoint database. ... inherit parent directory perms). ... In the windows world - this is what cacles / xcacls are ... (microsoft.public.sharepoint.portalserver) Re: Cannot Delete A Public Folder ... I don't see send as and Receive as as listed perms on my public folder ... and do properties...then the security tab from there... ... > Folders. ... (microsoft.public.exchange.admin) Network Permissions Help ... My office has a peer-peer network mixed with W2K and XP Pro Stations. ... We want to share some folders, but want to set access control ... I cannot give permissions to any other network users or computers as I ... (microsoft.public.win2000.networking) Re: Folder Creation Rights ... Is it possible to allow all domain users access to all files and ... folders on a certain share, yet prevent users from create ... It is also possible to set FILE permission different from the ... DIRECTORY (NTFS) permissions. ... (microsoft.public.windows.server.general)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > Windows  > microsoft.public.windows.server.general  > 2008-04