+ Post New Thread
Results 1 to 4 of 4
Windows Server 2008 R2 Thread, Create But Not Delete Permissions in Technical; Hi folks, (2008 R2 file server.) I'm trying to setup a directory where students can save/upload homework. It means they ...
  1. #1
    Gongalong's Avatar
    Join Date
    Oct 2011
    Location
    United Kingdom
    Posts
    921
    Thank Post
    837
    Thanked 20 Times in 18 Posts
    Rep Power
    11

    Question Create But Not Delete Permissions

    Hi folks,

    (2008 R2 file server.)

    I'm trying to setup a directory where students can save/upload homework. It means they need write permissions to save there, but I don't want them to be able to open other files.

    I've obviously used advanced permissions with the following set to allow:

    List folder / read data
    Create files / write data
    Write attributes
    Write extended attributes

    The following are sent to deny:

    Traverse folder / execute file
    Delete subfolders and files
    Delete

    A student account is able to copy files there, but they cannot save directly into the folder. They need to be able to do the latter, because we're using a remote access tool that uploads directly into the folder.

    Anyone know what permissions I'm missing to allow this, or whether it's even possible?

    TIA

  2. #2
    ADMaster's Avatar
    Join Date
    May 2012
    Posts
    348
    Thank Post
    5
    Thanked 38 Times in 33 Posts
    Rep Power
    24
    Hi Gongalong
    I think you will need to allow them to list / traverse the entire path of the share.
    Here is a previous post I made with a permission screenshot.
    Student Folder Redirection Issues
    Some applications such as word needed to see the whole path. What application are you using?

    Also note that because you deny delete doesn’t mean they cannot erase the contents. I suggest you setup up a test account and try a few different things.
    IIRC from my lab experiments if you have read and write but not delete, you can simply open the file erase the text and save. Even if you deny read if they know the name they can copy in a blank file with the same name.
    Your remote access tool make take care of that though.

    Cheers

  3. Thanks to ADMaster from:

    Gongalong (1st September 2014)

  4. #3
    Gongalong's Avatar
    Join Date
    Oct 2011
    Location
    United Kingdom
    Posts
    921
    Thank Post
    837
    Thanked 20 Times in 18 Posts
    Rep Power
    11
    Thanks, I'll try removing the deny on that. I have a feeling that execute file isn't the same as opening it anyway, but I could be wrong. I've had a look at MS's document on permissions, but I don't find it very clear Permissions for files and folders: User Rights; Security Policy; Security Services

  5. #4
    Gongalong's Avatar
    Join Date
    Oct 2011
    Location
    United Kingdom
    Posts
    921
    Thank Post
    837
    Thanked 20 Times in 18 Posts
    Rep Power
    11
    I thought it might be to do with Creator Owner permissions. I tried removing the ability for Creator owner to "Delete" and "Delete Subfolders and Files" and that stopped the user from being able to save there. I will persist...

SHARE:
+ Post New Thread

Similar Threads

  1. Replies: 4
    Last Post: 9th August 2012, 10:00 AM
  2. Replies: 6
    Last Post: 20th February 2012, 02:34 PM
  3. NTFS: Allow modify but not create
    By Oops_my_bad in forum Windows
    Replies: 8
    Last Post: 15th January 2009, 03:24 PM
  4. Write but not view folder permissions, strange request
    By HMCTech in forum Windows Server 2008
    Replies: 7
    Last Post: 14th April 2008, 01:21 PM
  5. Replies: 16
    Last Post: 12th March 2008, 04:27 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •