Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Prompt users when moving files? Help!!!!!!!!
- Thread starter knowidea
- Start date
I am also having problems with files/directories getting deleted. Luckily I can restore them from backup but this is not ideal. I have tried to set permissions to Special Access... (Read, Write and Execute only) but CAD users seem unable to amend and save files. MS Word documents also seem to require delete permission. Am I doing something wrong?
Are you checking the box to replace permissions on subdirectories? Also make sure the Everyone group and the Domain users are not in the permissions list. If I was having the problem you are having with files and directories being deleted I would put the Administrator as the only one with access to the directory and add users as they called to complain they could not get in. Then I would give them Change permission. Of couse you should get the OK to do this from you boss. You can always upgrade their access. It sounds like you have some out of control users.
Thanks hchman
Yes, I did check the subdirectories box. I have the local Users group (which includes the Domain Users group) added for Share permissions but Domain Users for NTFS permissions, both with Change permissions. Should both Share and NTFS ACLs be the same? Why do you recommend not including the Domain Users group? Does Change permission still allow deleting?
Sorry for all the questions. If you don't see anything wrong with my current strategy, I may do as you suggest and just add in users as required.
Thanks
Yes, I did check the subdirectories box. I have the local Users group (which includes the Domain Users group) added for Share permissions but Domain Users for NTFS permissions, both with Change permissions. Should both Share and NTFS ACLs be the same? Why do you recommend not including the Domain Users group? Does Change permission still allow deleting?
Sorry for all the questions. If you don't see anything wrong with my current strategy, I may do as you suggest and just add in users as required.
Thanks
Did you create a global group first? Local groups are ususally created to put global groups in then assign rights not permissions. The reason I said to take the domain users out of the Global groups is because by default when you create a user they are added to the Domain users group. Group permissions are cumulative which means if a member is in more than one group the group with the least restrictions overrides the other. This means all users in the Domain users group have asscess. You can be much more specific if you create a Global group then add only the users you want to have permission. Always make sure the Administrator is added to the group and has full control permission. I'm sorry. If you need users to have asscess to files and run apps but not delete use the Add & Read permission. If you get into mixing NTFS and share permissions it is very confusing. I would stick with just setting up share permissions and not mess with NTFS file permissions until you understand them better. One other thing. Make sure no one else is signing on as administrator. Remember it is better to start out with the most restrictive permissions and work from there. If users cannot do what they need they will let you know then you can go from there. Create a dummy account and play around. You will get it right eventually.
Here is a little something to help you decide on your permissions.
No Access (None) (None) permission restricts all access to the shared folder. Specifying No Access for a user eliminates that user's access to the folder, even if the user is a member of a group or groups that have access to the folder.
List (RX) (Not Specified) permission allows the user to view a list of files and subfolders contained within the folder, and to change to a subfolder, but it doesn't grant permission to access the files.
Read (RX) (RX) permission grants all the rights provided by list permission. It allows the user to open a file in read-only mode, but not to write to the file or delete it. Because read (R) permission implies execute (X) permission, if the file is an executable program file, read permission allows you to execute it.
Add (WX) (Not Specified) permission allows the user to create new files and new subfolders within the folder, but doesn't grant permission to access the files, including those newly created.
Add & Read (RWX) (RX) permission combines the rights granted by the Read and Add folder permissions described in the preceding items.
Change (RWXD) (RWXD) permission grants all the rights provided by the Add & Read permission, and adds the rights to write (W) to and delete (D) files and to delete (D) subfolders.
Full Control (All) (All) permission grants all the rights provided by the Change permission, and adds the rights to change NTFS file access permissions and folder permissions, as well as take ownership of NTFS files and folders.
Special Directory Access permission allows you to customize folder access permissions. You can specify any combination of read (R), write (W), execute (X), delete (D), change permissions (P), and take ownership (O). For example, you can use special directory access folder access permissions to allow a specified user or group to have list and read permissions for files within the folder, but not to have the execute permission.
Hope this helps. ;-)
No Access (None) (None) permission restricts all access to the shared folder. Specifying No Access for a user eliminates that user's access to the folder, even if the user is a member of a group or groups that have access to the folder.
List (RX) (Not Specified) permission allows the user to view a list of files and subfolders contained within the folder, and to change to a subfolder, but it doesn't grant permission to access the files.
Read (RX) (RX) permission grants all the rights provided by list permission. It allows the user to open a file in read-only mode, but not to write to the file or delete it. Because read (R) permission implies execute (X) permission, if the file is an executable program file, read permission allows you to execute it.
Add (WX) (Not Specified) permission allows the user to create new files and new subfolders within the folder, but doesn't grant permission to access the files, including those newly created.
Add & Read (RWX) (RX) permission combines the rights granted by the Read and Add folder permissions described in the preceding items.
Change (RWXD) (RWXD) permission grants all the rights provided by the Add & Read permission, and adds the rights to write (W) to and delete (D) files and to delete (D) subfolders.
Full Control (All) (All) permission grants all the rights provided by the Change permission, and adds the rights to change NTFS file access permissions and folder permissions, as well as take ownership of NTFS files and folders.
Special Directory Access permission allows you to customize folder access permissions. You can specify any combination of read (R), write (W), execute (X), delete (D), change permissions (P), and take ownership (O). For example, you can use special directory access folder access permissions to allow a specified user or group to have list and read permissions for files within the folder, but not to have the execute permission.
Hope this helps. ;-)
hchman gave you a very nice detailed explanation. Good reference material.
This is an old, mostly unsolveable problem. If you deny delete permissions, Word will have problems. It needs delete rights when it saves files as it needs to delete the temp files it creates when it exits a document.
I heartily recommend Undelete Server from Executive software. It lets you roll back to earlier copies of Office documents as well as restore folders and files. It's saved me a lot of time, many times!
This is an old, mostly unsolveable problem. If you deny delete permissions, Word will have problems. It needs delete rights when it saves files as it needs to delete the temp files it creates when it exits a document.
I heartily recommend Undelete Server from Executive software. It lets you roll back to earlier copies of Office documents as well as restore folders and files. It's saved me a lot of time, many times!
ChrisHirst
IS-IT--Management
Server Undelete is about your only hope, as the permissions sometimes do not seem to apply within the file|open.. and file|save.. dialog boxes It is the one feature that I for one miss from Windows 3.1
Chris.
Chris.
- Status
Similar threads
