Prevent / deny folder creation on 2003 server from xp workstation


TonyBaggaDonuts

I need to prevent users in my network from creating new folders on the
server. I found a setting in the folder permissions (security
properties) that does this, but it's also linked to deny file appending.


I don't know why Microsoft feels the need to group multiple security
actions into a single setting. It's highly illogical. Fix that, Bill.

Does anyone know a good way to block users from making folders? I
don't want my users to make their unnecessarily complex folder trees,
they must adhere to our standard structure. But I don't want to make
every file read only, which is an unnecessary side effect (BILL!).

Thanks.
Tony
 
You will need to make sure that the group does not have allow permission for
create folders/append data for folders and subfolders. There are a couple
ways to do that using special permissions where a group can have different
permissions for the possibilities found in the "apply onto" box that you can
see when you look at the special permissions of the root folder on a default
install of XP Pro in the advanced page of the security page. The link below
explains more on special permissions. In your case you probably want to have
separate permissions for folders and subfolders and then files only. Note
that when you see create folders/append the create folders only applies to
folders and subfolders while append applies only to files. --- Steve

http://support.microsoft.com/default.aspx?scid=kb;EN-US;308419
 
When I set the correct permissions and apply it to the folders only, I
still have issues with files being read-only. The way you said to do
it was supposed to set these permissions for folders only, but when I
try to open a file in this folder, it is read/only still. Here is what
I have for this test folder's permissions:

admins: full control
users: in special permissions: apply to this folder & subfolders: allow
everything except:
'create folder/append data'
'take owner'
'change permissions'....
But when I apply changes and get back to the main security settings
dialogue, the only checked permission is 'list folder contents'... no
read or write access or modify. I want my users to be able to do
everything except create folders. They can delete all they want, we
have backups.

Is the parent/child propagation affecting it? If files are child
objects, wouldn't that mess up the file exclusion? Maybe? I wouldn't
want to set individual permissions on thousands of folders. I don't
have any other ideas why this wouldn't work. Do you?
 
Create your folder and then on the main security page give the group
read/list/execute permissions. Then go into advanced page, find the group,
select edit, and add the allow permission for create files/append data. Then
while still there select add, add your group again, select all permissions
other than full control, change permissions, and take ownership and select
"files only" in apply onto box. Then hit apply and OK. If the parent
folder you create is inheriting permissions that are causing problems then
first uncheck "inherit from parent" and you will have a choice to delete or
copy current permissions and then modify from there. When done you should
see your group listed twice in the advanced page for permissions - once for
folder, subfolders, and files and then again for files only. --- Steve
 
Wow, thanks, that worked beautifully. Now I know when I want to split
up a 2-part permission, I have to make two settings for the same group
each time. You the man.
 
Glad you got it to work. That seems to be the biggest problem with special
permissions in that everyone assumes you can only configure a group with one
set of permissions. They can have a separate set of permissions for each
possibility in the "apply onto" box. If you look at the default
configuration for the root/drive folder on an install of XP Pro you will see
this. --- Steve
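
The two-entry setup described in the thread, written as a script. This is an added example, not part of the original posts, and it ends with a check for any entry that still lets the group create folders. It assumes PowerShell is available on the server, uses a hypothetical share path and group name, and reads the extra permission on the first entry as Create Files / Write Data.

```powershell
# Added example. $path and $group are assumed values; replace them.
$path  = 'D:\Shares\Projects'   # hypothetical share root
$group = 'EXAMPLE\Staff'        # hypothetical group

# Entry 1, "This folder, subfolders and files": read/list/execute plus
# Create Files / Write Data. Create Folders / Append Data is left out, so
# this entry grants no right to create folders.
$everywhere = New-Object System.Security.AccessControl.FileSystemAccessRule(
    $group, 'ReadAndExecute, CreateFiles',
    'ContainerInherit, ObjectInherit', 'None', 'Allow')

# Entry 2, "Files only" (ObjectInherit + InheritOnly): everything except
# Full Control, Change Permissions and Take Ownership. On a file the shared
# bit means Append Data, so files stay writable.
$filesOnly = New-Object System.Security.AccessControl.FileSystemAccessRule(
    $group, 'Modify, DeleteSubdirectoriesAndFiles',
    'ObjectInherit', 'InheritOnly', 'Allow')

$acl = Get-Acl -Path $path
$acl.AddAccessRule($everywhere)
$acl.AddAccessRule($filesOnly)
Set-Acl -Path $path -AclObject $acl

# Check: report every allow entry for the group, explicit or inherited, that
# still grants Create Folders / Append Data and applies to a folder, i.e. it
# is not inherit-only or it is inherited by subfolders. Entries for other
# groups the users belong to are not examined.
$append = [int][System.Security.AccessControl.FileSystemRights]::AppendData
$ci     = [int][System.Security.AccessControl.InheritanceFlags]::ContainerInherit
$io     = [int][System.Security.AccessControl.PropagationFlags]::InheritOnly

$leaks = (Get-Acl -Path $path).Access | Where-Object {
    ($_.IdentityReference.Value -eq $group) -and
    ($_.AccessControlType -eq 'Allow') -and
    (([int]$_.FileSystemRights -band $append) -ne 0) -and
    ((([int]$_.PropagationFlags -band $io) -eq 0) -or
     (([int]$_.InheritanceFlags -band $ci) -ne 0))
}

if ($leaks) {
    $leaks | Format-Table FileSystemRights, InheritanceFlags, PropagationFlags, IsInherited -AutoSize
} else {
    "No allow entry for $group on $path grants Create Folders to folders"
}
```

If the check lists an entry with IsInherited set to True, the parent folder is the source, which is the case where the thread's advice to uncheck "inherit from parent" applies.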
 