  1. #1
    Kyle's Avatar

    Getting folder permission right on a shared folder problem?

    I am not even sure if this is possible. One of our depts has asked us to set up a folder on the network that pupils can save documents to for the subject only. They want staff to be able to have 'Full Control' (easy), but they want pupils to have write access but not modify (so as soon as they save the file they can no longer edit it). Also they would like that only the user who has saved the file can open that file and not any other pupils.

    We have tried several settings for the NTFS security but can't seem to get it right (don't even know if it is possible).

    What would you recommend?

  2. #2

    GrumbleDook's Avatar

    Getting a CMS / Document management solution. Sharepoint can do some of this, as can FirstClass ... perhaps Moodle ... and I am sure you could do this with Novell ... and I used to do this on Macs too (AppleShare and MacAdmin).

    Doing it on Windows ... pass ... sorry

  3. #3


    Yes this is possible with standard Windows 2000/2003 NTFS but you will need to modify the advanced NTFS permissions as follows.

    Create a new test folder for the subject.

    In the Advanced Security Settings for the test folder, make sure Allow inheritable permissions from parent is unchecked, if necessary remove the tick and when asked whether to copy or remove, choose remove.

    In the security tab of the new folder

    Add CREATOR OWNER (don’t worry about writes yet we will modify them using the advanced permissions)

    Add the students security group (you might want to create a new one for just those students who take the subject) give this group WRITE permission

    Add the staff security group or individual members and give them MODIFY permissions.

    Make sure the administrators group has full control and set or remove any other permissions as necessary.

    In the Advanced Security Settings for the test folder, select the CREATOR OWNER property click edit and remove the following permissions

    Full Control
    Write Attributes
    Write Extended Attributes
    Delete Subfolders and Files
    Delete
    Change Permissions.

    Test this using a student and staff account and see if this works, I have not tested it but it should do the trick. Let me know how you get on.

  4. #4
    krisd32's Avatar

    i set up an ftp folder on 1 of our servers and shared it out via iis, gave students write only access to this folder and gave teachers full control of it. each teacher gets the kids to drag and drop their work into this folder with name and set in the filename and then the teacher copies it to the appropriate folder of their choice. once the kid drags or pastes the file into this folder, it then disappears out of their sight.

    there will be a better way to do something like this but this works for us and it was free! just takes a bit of messing with permissions.

    cheers

    Kris

  5. #5
    mrforgetful's Avatar

    Just for information's sake, the only difference between having Modify and Full Control permissions is the ability to give and take ownership, so really no one but administrators need Full.

  6. #6
    krisd32's Avatar

    that's what i meant, i just couldn't think of the word at the time.

  7. #7
    ajbritton's Avatar

    When a user creates a file, they become the owner of it and therefore have full permissions on it, regardless of any NTFS permissions set. In theory, a user could create a file, which they would then be unable to delete, but they could still modify the permissions on it because they are the owner.

  8. #8


    Not quite true, if you remove Read and Change permissions they cannot do this. You can also deny take owner permissions if you wish.

  9. #9


    Quote Originally Posted by ajbritton
    When a user creates a file, they become the owner of it and therefore have full permissions on it, regardless of any NTFS permissions set. In theory, a user could create a file, which they would then be unable to delete, but they could still modify the permissions on it because they are the owner.
    That's how we were taught it at a recent MCSA course I attended. The user with ownership- the creator of the file/folder/object- can even assign take ownership rights to user 'b' should they wish to. This is built in to the NTFS system by default.

    You can of course be "explicit" about assigning NTFS permissions- and that would be what happens when you "explicitly" deny someone take ownership or special permissions on a resource that is shared. That's a whole different ball-game though, because the key to that is in the wording- "explicit".

    That's how I read it anyway :?

    Paul

  10. #10


    I have now tested this in a live environment and it works. Here are the ADVANCED permissions you need to set.

    Student Security Group
    Traverse Folder / Execute File
    List Folder / Read Data
    Create Files / Write Data
    Create Folders / Append Data
    Write Attributes
    Write Extended Attributes

    Add CREATOR OWNER group but remove the following
    Full Control
    Delete Subfolders and Files
    Delete
    Read Permissions
    Change Permissions

    Add Staff security group
    Modify permissions

    Add Administrators security group
    Full Control.

    Remember that shared folders in W2K3 are set to everyone read by default and you will need to set the necessary share permissions at the top level folder to allow staff and students write access.

    Hope this helps.

  11. #11


    Just to re-cap. These permissions will allow a student to save a file in the folder, open it and modify it but not delete it.

    Students will only be able to open or modify their own files.

    Staff will be able to open, modify or delete any file or folder.

    Administrators are god and can do anything they like.

  12. #12
    ajbritton's Avatar

    @djm968 - What's in your permissions to prevent the owner of a file modifying the permissions on it?

  13. #13


    Tell me how your locked user would alter the permissions? Yes, they will be the owner of the file but they should not have access to the security tab and they should not be able to run scripts to change the ACLs.

  14. #14
    ajbritton's Avatar

    Quote Originally Posted by djm968
    Tell me how your locked user would alter the permissions? Yes, they will be the owner of the file but they should not have access to the security tab and they should not be able to run scripts to change the ACLs.
    agreed, but that's not NTFS permissions preventing them from changing access rights, it's environment lockdown.

  15. #15
    ajbritton's Avatar

    The answer is in the share permission...

    Test scenario;

    Server: 2003
    Client: XP SP2

    User Account: member of Domain Users, Students

    Share Permissions: Everyone: Full Control
    Folder Permissions:
    Administrators: Full Control (This folder, subfolders & files)
    Students: List, Traverse, Create Folder, Create File (This folder only)
    Students: Read, Write, Execute (Subfolders & Files only)

    OK, so I logged on to the client as a student and sure enough I was able to create a file in the test folder. I checked the permissions on the file from the server and sure enough they were Admins: Full; Students: RWX. I tried to delete the file from the client. Access denied. At the client again, went into properties of the file, Security tab and was able to add whoever I wanted with whatever access I chose (cos I'm the owner of the file). Happily deleted the file.

    I then changed the share permissions from Everyone: Full Control to Everyone: Change. At this point I could create the file, could not delete it and had no access to the security controls.

    I also tried setting a Deny to 'change permission', and the 'delete' options. These had no effect!
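
The result of the test in post #15, as a simplified model (an added example, not code from anyone in the thread): a right is usable over the network only when both the share permission and NTFS allow it, and a file's owner receives Read Permissions and Change Permissions implicitly. The account names and helper functions are constructed for illustration; the mask values are the standard Windows access-right constants.

```python
# Simplified model of the access decision for a file opened over an SMB share.
DELETE, READ_CONTROL, WRITE_DAC = 0x10000, 0x20000, 0x40000
FILE_RWX = 0x1201BF        # NTFS Read + Write + Execute on a file
FULL_CONTROL = 0x1F01FF    # "Full Control" (share or NTFS)
SHARE_CHANGE = 0x1301BF    # share "Change": lacks WRITE_DAC and WRITE_OWNER

def ntfs_access(user_sids, owner, dacl):
    """Rights NTFS gives the caller: ownership first, then ACEs in order."""
    # The owner's implicit rights are granted before the DACL is walked,
    # which is why a Deny ACE for Change Permissions does not bind the owner.
    granted = (READ_CONTROL | WRITE_DAC) if owner in user_sids else 0
    denied = 0
    for kind, sid, mask in dacl:
        if sid not in user_sids:
            continue
        if kind == "deny":
            denied |= mask & ~granted
        else:
            granted |= mask & ~denied
    return granted

def effective_access(share_mask, user_sids, owner, dacl):
    """Over the network a right must be allowed by both the share and NTFS."""
    return share_mask & ntfs_access(user_sids, owner, dacl)

# Constructed identities and DACL mirroring the test scenario in the post.
PUPIL = {"pupil1", "Students"}
DACL = [("allow", "Administrators", FULL_CONTROL), ("allow", "Students", FILE_RWX)]

def rights(share_mask, dacl=DACL, who=PUPIL, owner="pupil1"):
    acc = effective_access(share_mask, who, owner, dacl)
    return {"change_permissions": bool(acc & WRITE_DAC), "delete": bool(acc & DELETE)}

if __name__ == "__main__":
    print("share Full Control:", rights(FULL_CONTROL))
    print("share Change:      ", rights(SHARE_CHANGE))
    deny = [("deny", "Students", WRITE_DAC | DELETE)] + DACL
    print("Full + Deny ACE:   ", rights(FULL_CONTROL, dacl=deny))
```

The model leaves out delete rights that come from the parent folder and the OWNER RIGHTS identity introduced with Windows Vista and Server 2008, which lets a DACL limit what an owner receives implicitly.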
