Re: How to restrict access to just Files, not Folders

From: Tom Gibson (Gibson_at_discussions.microsoft.com)
Date: 01/30/05 

Date: Sun, 30 Jan 2005 13:05:02 -0800

to all: thanks for the quick responses.
I had selected the constraint of Files only, but then my users were not
permitted to traverse any subfolders.

I had missed the fact that users could be listed in the Advanced page more
than once. I shall have to try that.

My solution:
Authenticated Users: Traverse Folder / List access - This folder, subfolders
and files
Folder Admins: Modify - This folder, subfolders and files
Folder Users: Modify - Files only

Then I reset it for all objects below.
Now, when for each folder, the files have the permissions required. A user
can add, delete, modify any files. But to traverse the folders, they are
using the Authenticated Users permissions.

Thanks

"Steven L Umbach" wrote:

> This should work. On the main security page give the group read/list/execute
> to the folder. Then go into "advanced" permissions and add the group again.
> Then select "folder and subfolder" in the apply onto box and check all the
> permissions other than full control and change permissions. What many seem
> to miss is that a user or group can be listed multiple times in advanced
> permissions. --- Steve
>
>
> "Tom Gibson" <Tom Gibson@discussions.microsoft.com> wrote in message
> news:EF4D0033-221C-4201-A893-90C536D34349@microsoft.com...
> >I want to restrict access to users to be able to create, delete, modify
> > files, but not folders.
> > The security options are not granular enough that I can tell.
> > If I unselect Delete Subfolders and Files AND Delete, then folders cannot
> > be
> > deleted, but either can files.
> > If I unselect just Delete Subfolders and Files, and leave Delete, then
> > both
> > can be deleted. Same is true if just Delete Subfolders and Files is
> > selected.
> >
> > Any recommendations is requested and appreciated.
> >
> > Thank you.
> >
> > Tom Gibson
>
>
>

Relevant Pages

  • Re: Default permissions for the "Default User" account folder
    ... > I gather that Windows uses the permissions from this ... > folder when adding new user accounts. ... > Full - Administrators - This folder, subfolders, and files ... and have created several templates ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Why do some folders/registry keys have 2 permissions instead of 1?
    ... > I'm trying to write a script that will compare permissions for a large ... But if you check the folder or registry key's ... > group/user when it only needed to save one ACE. ... > gives Full Control to myuser for subfolders and files, ...
    (microsoft.public.win2000.general)
  • Re: Why do some folders/registry keys have 2 permissions instead of 1?
    ... > I'm trying to write a script that will compare permissions for a large ... But if you check the folder or registry key's ... > group/user when it only needed to save one ACE. ... > gives Full Control to myuser for subfolders and files, ...
    (microsoft.public.win2000.registry)
  • Re: Why do some folders/registry keys have 2 permissions instead of 1?
    ... > I'm trying to write a script that will compare permissions for a large ... But if you check the folder or registry key's ... > group/user when it only needed to save one ACE. ... > gives Full Control to myuser for subfolders and files, ...
    (microsoft.public.win2000.security)
  • Re: NTFS Permissions
    ... > I want to be able to secure my network file shares through NTFS permissions so that users cannot accidently delete subfolders or the root foler of their file share but have come across an interesting problem. ... > Then I have a test group called test1 with a bunch of users in the test group and I apply this group to have modify permissions on the test folder. ... Grant the users Read, Write, and Execute perms on the given folder, ...
    (microsoft.public.windows.server.general)