ACL's

[Apparition]

I have a shared folder on my file server and I need to
lock down security on it using the ACL's.

I want to give a group of users modify access to all of
the files within the shared folder and also on all of
files within it's sub-folders, but I want to restrict them
from deleting or renaming the actual folder and subfolders
themselves.

I know that this is theoretically possible under Windows
2000 ACL's, but I'm having trouble getting my head round
exactly what I need to do. Can anyone help?

 

[serverguy]

I think the only way you can do it is to go into the advanced permissions
dialog and explicitly "deny" delete for those objects. The problem you will
run into is inheritance. Since child objects inherit permissions from the
parent, if you deny delete on a folder, the files within that folder will
also get deny delete so nobody will be able to delete files. So, you would
need to uncheck the allow inheritable permissions checkbox on the folders
which means each sub-folder will need to have it's own permissions.

Hope this helps

 

[Steven L Umbach]

Try this. First make sure the everyone group has no more than read/list/execute
permissions to the root/drive folder. Then on the top folder in question give the
group read/list/execute permissions in the general security page. Then go into the
advanced page, select add, add the group again, in the apply onto box select files
only and select all permissions but the bottom two - change permissions and take
ownership. Hit apply and see if that helps. You might have to logoff and back on for
changes to go into effect.--- Steve