Click here to get back home

How to set this Folder security
 HomeNewsGroups | Search | About
Login Password
Register Now!
 microsoft.public.windows.server.security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content
Subject Author Date
How to set this Folder security cisconoobie via WinServerKB.co 10-05-2006
Posted by cisconoobie via WinServerKB.co on October 8, 2006, 10:35 am
Please log in for more thread options
 Roger I also tried what you said, I removed inherit permissions and did copy -
> user can still delete folder

I tried leaving inherit permissions and added a ACE to deny delete on this
folder only for Group A - > user can still delete this folder

Can you please try this and you will see that it does not work.

Roger Abell [MVP] wrote:
>> Ok so I'm still having problems
>>
>[quoted text clipped - 15 lines]
>> renaming
>> it. I want Group A to have all other access for the subfolders.
>
>See my post !
>Roger
>
>>>If you do not want Group A to be able to delete the Magic folder, you
>>>have to make sure they cannot delete subfolders and files in the QA
>[quoted text clipped - 25 lines]
>>>> http://www.winserverkb.com/Uwe/Forums.aspx/windows-server-security/20061
>>>> 0/1

--
Message posted via http://www.winserverkb.com


Posted by Roger Abell [MVP] on October 8, 2006, 2:04 pm
Please log in for more thread options
> Roger I also tried what you said, I removed inherit permissions and did
> copy -
>> user can still delete folder
>
> I tried leaving inherit permissions and added a ACE to deny delete on this
> folder only for Group A - > user can still delete this folder
>
> Can you please try this and you will see that it does not work.
>

Actually I have quite a bit set similarly that does work.
Perhaps your user is in some other group you are overlooking?
Also, I said quite more than just bolcking inheritance and saying
to copy. That just set the starting point for the mofications.
Did you do those ??

> Roger Abell [MVP] wrote:
>>> Ok so I'm still having problems
>>>
>>[quoted text clipped - 15 lines]
>>> renaming
>>> it. I want Group A to have all other access for the subfolders.
>>
>>See my post !
>>Roger
>>
>>>>If you do not want Group A to be able to delete the Magic folder, you
>>>>have to make sure they cannot delete subfolders and files in the QA
>>[quoted text clipped - 25 lines]
>>>>> http://www.winserverkb.com/Uwe/Forums.aspx/windows-server-security/20061
>>>>> 0/1
>
> --
> Message posted via http://www.winserverkb.com
>



Posted by cisconoobie via WinServerKB.co on October 11, 2006, 11:10 pm
Please log in for more thread options
Yes, do me a favor and tell me how you setup your share and security
permissions exactly, I want to see if they are similar .

Roger Abell [MVP] wrote:
>> Roger I also tried what you said, I removed inherit permissions and did
>> copy -
>[quoted text clipped - 4 lines]
>>
>> Can you please try this and you will see that it does not work.
>
>Actually I have quite a bit set similarly that does work.
>Perhaps your user is in some other group you are overlooking?
>Also, I said quite more than just bolcking inheritance and saying
>to copy. That just set the starting point for the mofications.
>Did you do those ??
>
>>>> Ok so I'm still having problems
>>>>
>[quoted text clipped - 10 lines]
>>>>>> http://www.winserverkb.com/Uwe/Forums.aspx/windows-server-security/20061
>>>>>> 0/1

--
Message posted via http://www.winserverkb.com


Posted by Roger Abell [MVP] on October 12, 2006, 7:40 am
Please log in for more thread options
There are a few ways. One that seems most close to what you have is

parent (of QA) :
Domain Admins - Full
Authenticated Users - Read & Execute

parent\QA:
inherit from parent
Group A for read, execute
Group A special permission ( "delete subfolders and files" ACE)

parent\QA\Magic:
blocked inheritance
Domain Admins - Full
Authenticated Users - Read & Execute
Group A for read, execute
Group A special permission ( "delete subfolders and files" ACE)

However, for simplicity, I would make the parent\QA
have NTFS permissions settings identical to those shown
for parent\QA\Magic

Again, your intial issue was due to the fact that the grant
on parent\QA of
Group A special permission ( "Delete subfolders and files" ACE)
effectively states, "you can delete subfolder Magic and its content"

You could alternatively use
parent\QA\Magic:
inherit from parent
Group A special permission Deny ( "Delete" ACE - Applied to This folder
only)

I prefer to avoid use of Deny, even at cost of slightly more
complicated positive statement of permissions, ex. above.
However, in this case, where one only wants to protect one
folder from deletion, i.e. Magic, the main reason to avoid use
of Deny is not a consideration (i.e. the problems that result
when one depends on inherited Deny).

Roger

> Yes, do me a favor and tell me how you setup your share and security
> permissions exactly, I want to see if they are similar .
>
> Roger Abell [MVP] wrote:
>>> Roger I also tried what you said, I removed inherit permissions and did
>>> copy -
>>[quoted text clipped - 4 lines]
>>>
>>> Can you please try this and you will see that it does not work.
>>
>>Actually I have quite a bit set similarly that does work.
>>Perhaps your user is in some other group you are overlooking?
>>Also, I said quite more than just bolcking inheritance and saying
>>to copy. That just set the starting point for the mofications.
>>Did you do those ??
>>
>>>>> Ok so I'm still having problems
>>>>>
>>[quoted text clipped - 10 lines]
>>>>>>> http://www.winserverkb.com/Uwe/Forums.aspx/windows-server-security/20061
>>>>>>> 0/1
>
> --
> Message posted via http://www.winserverkb.com
>



Similar ThreadsPosted
Folder Security November 17, 2006, 6:34 am
Folder redirection and security November 9, 2005, 10:45 am
Folder security question February 10, 2006, 11:58 am
Folder security problem April 6, 2006, 1:27 am
Security on Tasks Folder April 24, 2006, 11:23 am
Folder and Files Security October 3, 2006, 1:46 pm
Folder Security Issue November 1, 2007, 10:53 am
Strange folder security problem October 4, 2006, 3:45 pm
Sensitive Folder Security - Best Practice November 24, 2006, 9:50 am
Folder/Share security question January 7, 2008, 10:17 am

Our other projects:

Art Dolls, Fairies and Mermaids - Sunnyfaces.net

Roy's Linux, Programming and Search Engines messages

1-Script XML SitemapXML Sitemap