Permissions for Share 1

[nevets2001uk]

I'm setting up some folder shares on one of our servers. The area is readable by all authenticated users but only users within a specific group may modify data and add sub-folders etc.

One issue I'd like to resolve is that I'd like to prevent the users with modify access from being able to change the permissions on files and folders they create. This should be restricted to administrators only.

I have taken away the "Read Permission" and "Change Permission" options from the top level share as well as ensuring the group with write access also doesn't have these. However a test user is still able to adjust permissions after creating files.

Is my objective acheievable? IF so how can I approach it?

Steve G (MCSE / MCSA:Messaging)

 

[porkchopexpress]

When i give my user the 'change' 'share' permission they can view but not alter NTFS permissions. Are they a member of a different group that has full share permissions does domain users have full share permissions?

 

[Helenp1983]

have you denied change permision to Creator owner group?

and do the permissions inherit?

 

[nevets2001uk]

Thanks guys. I had the share permissions set at "Authenticated Users - Full Control" assuming that the if I removed the NTFS permissions on creator owner that would stop them changing the permissions.

I have since changed the share permission to change and that seems to work.

Steve G (MCSE / MCSA:Messaging)

 

[porkchopexpress]

Yep change share permissions is the best way to prevent users from nessing with NTFS permissions.

Glad it sorted it.