AD Permissions.

  • Thread starter Thread starter ilovewindowsboy
  • Start date Start date
I

ilovewindowsboy

Does anyone know the answer to this.

I want to restrict an area on the network. I want them to
be able to save data and read data, but I don't want them
to be able to create folders and delete folders / files.
I have been looking and I see there are some extra
permissions in advanced unfortuantly I have not been able
to get the right permissions for this to work, any help
would be amazing :)
 
You need to set the appropriate permissions on the 'root' folder.

For example, if you have a folder called PUBLIC and this is a shared folder
and you would like it so that users can not create any files or folders
directly inside that PUBLIC folder simply give 'Domain Users' - or whatever
works for you - Read permissions to "THIS FOLDER ONLY" ( as an example ).
You would also need to give "Domain Users' - or whatever you used - the
appropriate permissions to "SUBFILES AND FOLDERS". This will allow them
to have access ( based on the permissions that you set ) to everything
inside that PUBLIC folder. Naturally you set permissions Administrators or
Domain Admins at Full Control!

So, this presents one problem. You have a shared PUBLIC folder but no one
can create any folders or files in it. Does not seem to be very useful,
right? Well, you can assign this task to certain individuals ( hopefully
members of the IT Team ) to create the folders that are needed by the user
community. Once these folders have been created the user community has
access to those folders.

Here is an example as my explanation might be a bit confusing:

You have a shared folder 'PUBLIC' on a WIN2000 File Server. You do not want
your users to be able to create any files or folders directly inside the
PUBLIC folder. You assign Joe and Sally ( members of the IT Team ) to be
responsible for creating folders directly inside of the PUBLIC folder. You
let your user community know that Joe and Sally need to be contacted for
this.

So, Mary has been put in charge of the Big Expo project. Mary calls Sally
requesting that Sally create a folder called 'Big Project 2004'. Everyone
in the company should be able to read everything in there but only five
people should be able to write to it. Sally creates the folder with the
desired name and sets the appropriate permissions. Everyone is happy.

Then, Frank calls and needs a Golf Tournament - Summer '04 folder created.
Sally does her thing.

Is this the best solution. Not sure. I used it in an environment with some
300 users and it worked well. Once you have those initial folders located
inside 'PUBLIC' the onslaught of requests dies down. The initial onslaught
should not really be that bad if everything is planned out and coordinated
with the user community.

HTH,

Cary
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Folder Permissions. 4
NTFS Permission to deny user to copy files 3
folder permissions AD 1
Only view permission 3
Delete permissions from removed hard drive? 1
Game-guide apps delivered malware to 2 million Android users 0
Windows XP Help with c:\Windows\ Downloaded Program Files folder Permissions 1
Questions regarding permissions 2

Back
Top