Mads Krag Dam - Homepage - MadsD.dk

A part of iSites.dk
Home
Blog
My IT
Husband
Family
Games
Pictures
Contact

NTFS allow delete subfolders files only


Written by: Mads Dam - 02.01.2014 - 0 comments

Okay, this one is a bit tricky - my job needed me to create the following share-structure:
\\nas\scan with 2 subfolders:
- \\nas\scan\printer
- \\nas\scan\plotter

  • Domain users are allowed Read permissions on \\nas\scan (it's their root network drive)
  • Domain users are allowed to create files (not folders) underneath printer and plotter
  • Domain users are allowed to delete files and subfolders inside printer and plotter
  • Domain users are NOT allowed to delete the printer or plotter-folder

Seems easy, right? Wrong - well, it is quite easy, but searching the net for answers are tricky. I hope this can help you!

 

### \\nas\scan - permissions ###
Share-permissions:
Everyone - Change

NTFS-permissions:
NAS\administrators - Full Control
NAS\Users - Read

 

### \\nas\scan\printer - permissions ###
NTFS-permissions:
- Stop inheritance Add/Copy existing stuff for easy configuring
- Domain User (add modify in the simple-permission-list - for easy configuring)

Now go to advanced permissions find the ekstra Domain User-permission that's marked Special and edit that one: Here are the checkmarks I use:

 

### Result ###
The above gives just the right access so my domain users can create and delete files and folders underneath the printer-folder. If they attempt to delete the printer-folder, they'll get an access denied!

 

### Prerequisites ###
This has been tested on at least:
- Windows Server 2008 R2 member-server
- Domain functional level: Windows Server 2003
- Forest functional level: Windows Server 2003


Comments



No comments


Write a comment


Name:
Website: *no http://
Comment: