NTFS folder permissions

el

Hi all,
How do I set the permission settings on folder X in a share drive so that:
1. user can list the filenames in folder X
2. user can go into subfolders of folder X and list their filenames
3. user can create his own subfolders
4. user can delete his own subfolders
5. user CANNOT delete other user's subfolders
6. user can save file onto this folder X and those subfolders he had created before
7. user can delete his own files (in folder X and its subfolders)
8. user CANNOT delete other user's files (in folder X and its subfolders)
9. user can view other user's file
10. user CANNOT change/delete other user's files

I basically want to let users create/save/delete files in folder X + subfolders but not allow them to modify other users' files.

TIA
el
 
Create a folder for each user, then give "everyone" read-only access to all folders. Lastly, give each user full access to his own folder.
 
Is there any other way to do this? To do it this way, IT support needs to create a folder for each existing user (and also all future users). That seems to put workload on the support team. Is it possible to achieve my requirements through permission settings?
 
Every user has folders in the Documents & Settings tree. They get them when their account is created. Surely one of the existing folders (for each user, that is) could be used for this purpose.
Jim
 
Your requirements are contradictory. Here is why:
- Let's assume that the parent folder for the user folders is called "UserData".
- If users are to have the ability to create a folder in "UserData" then the group "Domain Users" must have write-access to it.
- When JDoe creates a folder for himself then his folder will inherit the permissions set for the UserData folder.
- It follows that "Domain Users" will have access to JDoe's folder.

The workload for your support team is minuscule if you automate the process with a batch file that does this:
1. Prompt the administrator for a folder name.
2. Prompt the administrator for a user name (unless it's the same as the folder name).
3. Create the folder.
4. Set the permissions.

It's a breeze!
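
The four steps of the batch file described in this reply, written as a PowerShell script around `icacls` (an added example, not the poster's own script). The parent path `D:\Shares\UserData` is hypothetical, and the ACL follows the suggestion made earlier in the thread: read-only for Everyone, full access for the folder's user.

```powershell
# Added example. $Parent is a hypothetical path; run from an elevated prompt.
param([string]$Parent = 'D:\Shares\UserData')

# Steps 1 and 2: prompt for the folder name and the account name
$folder = Read-Host 'Folder name'
$user   = Read-Host "User name [default: $folder]"
if ([string]::IsNullOrWhiteSpace($user)) { $user = $folder }

# Reject names that could land outside $Parent (separators, reserved characters, dot names)
$bad = [IO.Path]::GetInvalidFileNameChars()
if ([string]::IsNullOrWhiteSpace($folder) -or $folder -in '.', '..' -or $folder.IndexOfAny($bad) -ge 0) {
    throw "Invalid folder name: '$folder'"
}

# Fail before touching the disk if the account does not resolve to a SID
try {
    $sid = ([Security.Principal.NTAccount]$user).Translate([Security.Principal.SecurityIdentifier])
} catch {
    throw "Account '$user' could not be resolved"
}

# Step 3: create the folder; refuse to re-permission one that already exists
$path = Join-Path $Parent $folder
if (Test-Path -LiteralPath $path) { throw "$path already exists" }
New-Item -ItemType Directory -Path $path | Out-Null

# Step 4: drop inherited ACEs, then grant explicit ones that flow to all children.
# S-1-5-32-544 = BUILTIN\Administrators, S-1-1-0 = Everyone.
# F mirrors the thread's "full access"; (OI)(CI)M is the tighter choice
# if users should not be able to edit the ACL themselves.
icacls $path /inheritance:r | Out-Null
icacls $path /grant:r "*S-1-5-32-544:(OI)(CI)F" "*S-1-1-0:(OI)(CI)RX" "*$($sid.Value):(OI)(CI)F" | Out-Null
if ($LASTEXITCODE -ne 0) { throw "icacls failed for $path" }

# Show the resulting ACL for review
icacls $path
```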
 
OK. I can limit users to modifying their own items in Exchange mailbox folders. Why can't I do the same in NTFS? Is this a feature missing from NTFS permissions?
 
It's because an administrator has to create an Exchange user account and mailbox for each user, thus setting the scene. When you set the scene for a disk folder then you have the same situation.
 
You need to look into the advanced settings to get what you need and to use the Creator/Owner group.

Do something like the following:
- Create a folder to contain the users' folders.
- Set the permissions to:
  - Admin = F/C, applies to This folder, sub-folders, files (so admin can fix issues)
  - Users = Modify, applies to This folder only
  - Creator/Owner = F/C, applies to Sub-folders and files

The way this should work is that users have permission to create subfolders but
only in the top level folder. Any folder they create they will also own. Thus
the Creator/Owner permission which is F/C will apply to the folders they create.

One watch point will be where an administrator adds files to the user's folder.
The owner will be the administrator not the user thus the user will not have
access because he/she is not the Creator/Owner. Either recover to a temp folder
and get the User to copy the files to his folder or look into SUBINACL to set
the owner.

This is an outline and there are many ways that this can be made to work. You
will need to try different combinations to see which best meets your needs.
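
The ACL outlined in this reply, built with the .NET access-rule API from PowerShell (an added example, not the poster's own commands). The path is hypothetical, `BUILTIN\Users` stands in for "Users", and the last ACE is an assumption added to cover the question's requirement that users can view, but not change, each other's files.

```powershell
# Added example. $root is a hypothetical path; run from an elevated prompt.
$root = 'D:\Shares\UserData'
New-Item -ItemType Directory -Path $root -Force | Out-Null

$acl = Get-Acl -LiteralPath $root
$acl.SetAccessRuleProtection($true, $false)      # block inheritance, discard inherited ACEs
foreach ($old in @($acl.Access | Where-Object { -not $_.IsInherited })) {
    $acl.RemoveAccessRuleSpecific($old)          # start from an empty explicit ACL
}

# Columns: identity, rights, inheritance flags, propagation flags
#   'None' / 'None'                      -> this folder only
#   'ContainerInherit,ObjectInherit'     -> this folder, subfolders and files
#   same flags with 'InheritOnly'        -> subfolders and files only
$aces = @(
    @('BUILTIN\Administrators', 'FullControl',    'ContainerInherit,ObjectInherit', 'None'),
    @('BUILTIN\Users',          'Modify',         'None',                           'None'),
    @('CREATOR OWNER',          'FullControl',    'ContainerInherit,ObjectInherit', 'InheritOnly'),
    # Assumption, not in the reply: read-only access to what other users created
    @('BUILTIN\Users',          'ReadAndExecute', 'ContainerInherit,ObjectInherit', 'InheritOnly')
)
foreach ($a in $aces) {
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $a[0], $a[1], $a[2], $a[3], 'Allow')
    $acl.AddAccessRule($rule)
}
Set-Acl -LiteralPath $root -AclObject $acl

# Review the result: every ACE should be explicit (IsInherited = False)
(Get-Acl -LiteralPath $root).Access |
    Format-Table IdentityReference, FileSystemRights, InheritanceFlags, PropagationFlags, IsInherited
```

Modify on the top folder does not include "Delete subfolders and files", so a user cannot remove another user's entries through the parent; only the Creator/Owner entry on the item itself grants delete.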
 
Don't overlook the alternative, of using home shares instead of home folders.

Share permissions are much simpler to manage, and don't suffer from the
anomalous results which arise with file permissions when, for example, an
admin reorganises files.

If you have Server 2003, the 'net share' command includes the ability to set
permissions. Thus it is possible to create a user and associated share in one
go, by way of a straightforward batch file.
 
Agreed, share permissions are easier to understand, but they don't even make it to
first base on el's problem.
 