NTFS: Allowing only a Group to Create/delete Folders ?

[roger85]

Hello,

Need some help.

I have a 2003 Server which is our Data Server, We have a simple directory (D:\COMPANYDATA), created a group called "COMPNAY DATA" added all members of staff to this group and then given them all permissions except for "Full Control".

This has let any user create/edit/add/delete anything within this main folder, when they want.

Now the client wants to change it so only a Group of people can Create / Delete / Move Folders,all other users can do what they like except for directory structure.


Is there any method this can be done ? If not with NTFS, any third part app.

Thanks

Roger

 

[TheMisio]

Roger85,

Create another group. Add this group to the permissions of the COMPANYDATA tab. Still in the permissions tab of the folder, click on advanced. Highlight the group which you just created and click on edit (if any settings are greyed out, clear Inherit from the parent box. Make sure you copy existing permissions when asked). Within the Edit box, click deny on anything you do not want users to do and allow and things they should. Once done, add users to it. Deny will ALWAYS override any other settings.

Regards,

Michael.

 

[roger85]

trying now and not working as required.

i can get it to sort of work using your instructions, i need "Any user" to be able to create/edit and delete FILES not FOLDERS"

When i set it up using your instructions users cant delete anything including folders..

hopw this makes sense.

Basically some users must have FULL CONTROL (This means Create folders as well as files, and also deleteing.)

The some basic users that can only make files + delete files + edit files. BUT NOT ABLE TO CREATE A FOLDER OR DELETE A FOLDER.

hope that helps


Look forward for the response.
Roger

 

[Davetoo]

On the group that you don't want to create folders within your shared folder, take away the explicit right Create Folder /Append Data.

A simple Google search would have found your answer within milliseconds:

http://technet.microsoft.com/en-us/library/cc787794.aspx

I'm Certifiable, not cert-ified.
It just means my answers are from experience, not a book.

There are no more PDC's! There are DC's with FSMO roles!

 

[roger85]

i've tried that but when i deny Create Folder / Append Data users can edit delete FILES.
Create Folders allows or denies creating folders within the folder. (Applies to folders only.)

See below from your link, ITS STATES FILES not folders.

Append Data allows or denies making changes to the end of the file but not changing, deleting, or overwriting existing data. (Applies to files only.)

 

[Davetoo]

You want to yell at people here and you'll find yourself banned...don't even go there with your little capital letters.

You need a group of users to be able to, in your own words, "basic users that can only make files + delete files + edit files. BUT NOT ABLE TO CREATE A FOLDER OR DELETE A FOLDER." It is this group of users that you have to set the permissions as I pointed you to above.

It's the answer to the question you asked...so perhaps you need to ask a better question, because you appear to be confused.


I'm Certifiable, not cert-ified.
It just means my answers are from experience, not a book.

There are no more PDC's! There are DC's with FSMO roles!

 

[Davetoo]

I thought something was wrong from the text you posted from my link...you left off the part where it clearly states that it does EXACTLY what you wanted:

Create Folders allows or denies creating folders within the folder. (Applies to folders only.)

Create Folders/Append Data
Create Folders allows or denies creating folders within the folder. (Applies to folders only.)

Append Data allows or denies making changes to the end of the file but not changing, deleting, or overwriting existing data. (Applies to files only.)


Now, it appears you're confused as to what exactly it is you're trying to do. I suggest you clearly state a single question for us to help you with, then move on to another one if you have others.

I'm Certifiable, not cert-ified.
It just means my answers are from experience, not a book.

There are no more PDC's! There are DC's with FSMO roles!

 

[roger85]

Davetoo,

First i never meant anything by CAPITALS, it was jsut me typing, so dont take it wrong.

Your right me being confused, what i want to do must be possible but i think i may not be explaing it correct.

i will try your suggestions first thing in the morning and then get back to you.

But i still have to say, the below line states that it applies to files only. If i was to deny this would it not mean users will not be able to change/delete files.


Append Data allows or denies making changes to the end of the file but not changing, deleting, or overwriting existing data. (Applies to files only.)

 

[Davetoo]

No it doesn't...it's telling you in plain English that users won't be allowed to append data to the end of a file. This is different from creating/editing/overwriting an existing file.

I'm Certifiable, not cert-ified.
It just means my answers are from experience, not a book.

There are no more PDC's! There are DC's with FSMO roles!