Re: Create Folders permission


Roger Abell [MVP] wrote:
"Jack" <jlichwa@xxxxxxxxxxx> wrote in message
news:1150563026.588116.33720@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
I have shared folder on Windows 2003, when I check Domain Users
permission is only Read & Execute, Read, List Folder Contents. Then I

This is evidently in the generic NTFS (not under Advanced button) dialog.
Is there a gray tone to the Special box ?

check in advanced and edit Domain Users permission - Create Folders and

Create Files are unchecked, but when I go to efective permission and
select Domain Users there Create Folders and Create Files are checked.

If effective shows that then it is due to there being a grant somewhere
directly to Domain Users group. Are those boxes grayish - indicating
this is being inherited from a parent folder ?

I don't know what is going on. Domain Users is not a part of any other
user group. Other shared folder on Windows 2000 work fine with the same
configuration.


If it were embedded that would not matter for this, as the effective are
showing the effective grants made directly to that group, not all of the
potentially existing indirect ones.


What could be wrong? How to block domain users to create folders?

Probably nothing, and all is likely as it should be, given the grants
that exist on the object or its containing object. You just need to
determine at what point that grant is being made and adjust the
grants to your needs.


I just create new share folder(share permission :full control to
everyone),
security - domain users:Read & Execute, List Folders and Contents, Read
- (any grayish checked box).
User is not a part of any local groups, groups by gpresult command:

User security groups:

Domain Users
Everyone
Builtin\users
NT Authority\Interactive
NT Authority\Authenticated Users
LOCAL

Efective permission this time show Create Folders and Files unchecked,
but still I can create folders and files in this share. Another
Server Windows 2000 (member of the same domain) has the same share
permission and security and you cannot create any folders or files in
share

Is there are some configuration in Windows 2003 File Server that as
default every users who can read can also append data. Because
changing files or delete show correctly Access Denied, just server let
you append data


Share is created by administrator so user is not owner etc.... share
permission are:
Administrators(servername\administrators) full control
Creator Owner none
System full control
Users(server name\users) read & execute
Domain Users read & execute

.