Re: Authenticated users permissions

From: Matt Carter (MattCarter_at_discussions.microsoft.com)
Date: 05/25/05 

Date: Wed, 25 May 2005 08:50:06 -0700

Thank you Mr. Abell, I was able to go in and select to Security tab and then
the Advanced button and selected to DEselect the Inherit from permission
entries and it wondered if I wanted to COPY and I did so, and that fixed it.
After that some files / folders did not have the permissions. I then
selected to select the checkbox for Replace permission entries on all child
objects... That did the trick. I was able to go in and Edit the
Authenticated Users permission and select it to be Read Only (not denying
anything) and then the users who needed Modify permissions were allowed to do
so.
Thank you. I was lost.
I feel much better. Thank you for taking the time to comprehend my raving.
I am appreciative!

matt

"Roger Abell" wrote:

> In NTFS when you block inheritance at a folder, this is for all inheritable
> permissions. When you do this you can choose to copy the inherited which
> will turn them into the initial explicit permissions on the new inheritance
> point that folder becomes. These can then be modified as needed, and then
> the checkbox to apply these to all subordinate structure (files and
> subfolders)
> may be used to adjust all lower permissions to what has now been set (this
> part is particularly relevant if there are additional explicit grants or are
> any
> other inheritance points set in the pre-existing substructure)
>
> Sometimes, with some thought, one can find a way so that at the uppermost
> level the least common permissions are granted, and then these are
> increased,
> without blocking inheritance, by merely adding additional explicit
> permissions
> at the specific subfolders. Note that these added permissions can be set so
> that they affect only the one folder where set and do not inherit, or they
> may
> be left in default as added inheritables.
>
> --
> Roger Abell
> Microsoft MVP (Windows Security)
> MCSE (W2k3,W2k,Nt4) MCDBA
> "Matt Carter" <MattCarter@discussions.microsoft.com> wrote in message
> news:3AECCBE1-D4F0-47AE-A374-3D8789891E30@microsoft.com...
> > I am having trouble. I have a shared drive on my 2003 network that is
> > accessed by the company. It is set up to have the root, S:\ to be
> > Authenticated Users (Modify) access. It is inherited to another folder,
> > accessed by numermous groups / users (the Auth. Users permissions are
> > Inherited). A subfolder of that is where I would like to "limit." I
> would
> > like to make it so that Authenticated Users only have READ access to the
> > folders / files from this folder to child folders. I would like to have
> > other users (also on our network) to be allowed to have WRITE / MODIFY
> > access. I am having trouble setting it up. When I try to REMOVE to the
> > Inherited permissions for Authenticated Users, it removes ALL permissions
> on
> > the folder. No default Domain Admin, Enter. Admin, Creator Owner, System,
> > (etc.).
> > I was able to recreate the permissions and set them on the folders and
> > subfolders / files. The issue is that files from "yesterday" and previous
> > are ACCESS DENIED. They are using the READ ONLY permissions from
> > Authenticated Users (a few users should have MODIFY permissions and they
> are
> > "locked out"). However! if those users with Modify permissions create or
> > work on documents "today" they are able to access them. The issue is that
> > they have numerous files and subfolders that do not have current
> information.
> > If I try to copy the folders and paste them, it keeps the inherited
> > permisions from the default share with Authenticated Users as Modify. I
> am
> > flustered.
> >
> > Thank you for possibly helping.
> >
> > Matt
>
>
>