Prevent Users from moving folders??

[sergiok]

Hi,

I've been searching for the answer to this question for a while. Probably spent more than 8 hours searching and searching. I've probably spent even more time experimenting with my W2k Server.

Here's the deal:

I have a share called ROOT. Inside that share are various subfolders (numerically named) 1,2,3, etc...

Server \\ Share \ folder within the share
----> ROOT ----> 1
----> 2
----> 3

I'd like to give users full rights inside each numbered subfolder, but not allow them to move or delete the subfolders inside the share ROOT. I'd like to prevent what sometimes happens: some user will inadvertently move folder 2 inside folder 3 or something like to that effect.

How do I restrict user's ability to move and delete folders 1, 2, 3 and so on but then give them full rights once they are inside those folders?

Thank you!

 

[mrwalsh1]

in advance settings for Security tab in the properties of the ROOT folder - uncheck inherit security from parent folder and give your users "list folder contents" and "read and execute" permissions. Then for folders 1,2,3 - uncheck inherit security from parent (which now has list, read and execute permissions) and give your users whatever permissions you would like.

Groups make it easier, if you have a lot of users.



~Mark

 

[sergiok]

Thanks Mark,

All users have the same 'needs' so I've been setting the permissions with all Authenticated Users. I don't do it one by one.

One question to your reply though. On both the Root and 1,2,3, folders, when I set the Security under Advanced, under Apply onto: which do I set each to? "This Folder Only", "This Folder, Subfolders, and Files" or one of the other five options?

 

[koquito]

also you can use Advanced Security Settings under the same TAb, by clicking Advanced. A+, MCP, CCNA
marbinpr@hotmail.com

Keep fighting for your knowledge!

 

[sergiok]

I know how to get to the settings under Advanced.

I am just confused as to how to exactly set the security settings in order to prevent users from moving parent folders while still allowing users full rights in the subfolders.

 

[richgill]

Expanding a little on what has already been said...

For your ROOT folder, go to the Security tab and deselect "Allow inheritable permissions from parent to propagate to this object". Remove Authenticated Users, click on the Advanced... button and select "Reset permissions on all child objects and enable propagation of inheritable permissions". Then click OK. This completely removes access for Authenticated Users. Then go back to the security tab for the ROOT folder and add Authenticated Users back in again and give them 'Read & Execute', 'List Folder Contents' and 'Read' permissions.


Now for your sub folders (1, 2, 3...) you need to go to the security tab and deselect "Allow inheritable permissions from parent to propagate to this object". When given the option, chose COPY permissions. Then go to the Advanced.. section, press the ADD button and add Authenticated users, giving them full access and apply it to "Subfolders and files only".

Your users can now create/delete/move files within the ROOT subfolders but are unable to delete (or move) the ROOT subfolders themselves.

Hope that makes sense!

 

[HEX1000]

try this utility. It locks files and folders.

http://www.sharewareviking.com/security4.htm

its called Secure Explorer.

hope it helps

 

[sergiok]

Thanks Rich,

I believe the settings on the ROOT folder are correct, but I may have done something wrong on the subfolders (1,2,3). I users can't create/delete folders or files in these subfolders.

Under the SECURITY tab for one of these subfolders, then ADVANCED, I set full access and apply it to "Subfolders and files only". This seems quite logical.

The problem is that when I performed the previous step as per your instructions: "When given the option, chose COPY permissions" it still leaves Authenticated Users with Read & Execute permissions on This Folder, Subfolders and Files.

These settings of course limit users rights in the subfolders and files... so I changed it to This Folder Only... but it still doesn't allow users to create, delete any subfolders inside the 1,2,3 subfolders.

ugh! quite frustrating.

Thanks anyway.

 

[sergiok]

Rich,

Disregard that last post of mine! I got it.

Thanks again for your help!

 

[koquito]

so its working now? A+, MCP, CCNA
marbinpr@hotmail.com

Keep fighting for your knowledge!

 

[sergiok]

Yup! It works perfectly!

 

[CyberGar]

Would you mind greatly telling everyone EXACTLY what you did to resolve this? You said you got it working perfectly.

Thanks! Cheers...

 

[sergiok]

Here's exactly what I did...

Right click the ROOT folder, go to Sharing, then Security tab and deselect "Allow inheritable permissions from parent to propagate to this object". Remove Authenticated Users, click on the Advanced... button and select "Reset permissions on all child objects and enable propagation of inheritable permissions". Then click OK. This completely removes access for Authenticated Users. Then go back to the security tab for the ROOT folder and add Authenticated Users back in again and give them 'Read & Execute', 'List Folder Contents' and 'Read' permissions. I also left Administrators with full rights.


Now for the sub folders (1, 2, 3...) go to Sharing, then Security tab and deselect "Allow inheritable permissions from parent to propagate to this object". When given the option, chose COPY permissions. Then go to the Advanced.. section, press the ADD button and add Authenticated users, giving them full access and apply it to "Subfolders and files only". Go back to Advanced, and on the Permissions for Authenicated Users that is for READ & EXECUTE only, change it to This Folder Only. This way, they have full permissions below this folder, but only read and execute for that same folder.