Rights Issue

[bluewhaleCA]

It has been a looooong time since I've had to work much with file/directory rights.
Please presume a work area with 100 job folders. Each job folder has 10 sub folders, with other folders beneath those as well as files. The folders are on a DC using AD. All employees are part of a created group named 'employees'. Three of these employees are admins for the domain.

The goal is to keep subdirectories from being deleted by accident. It can be accomplished by placing 'deny' on 'This folder and Sub Folders' for the acts of deletion and deleting subfolders and files. This works: people can create and delete files in any subdirectory, however they can not delete sub-folders.

The problem is that the admins are part of the 'employees ' group, thus they can not delete sub-folders either as the denial is a specific right/assignment.

I can get around this by removing the admins from ' employees ' and creating a seperate ' admin EE ' group, however in reality there are 60 gigs of files and folders to apply the rights to and as I'm dealing two or three levels down from the root folder I have to go into each job and do this manually.

Might anyone have a suggestion on how else to accomplish this goal?

Many thanks

Paul

 

[dankelt]

Instead of setting deny for employees, why not just take away Allow? That will then allow your Admins to still do what they like.

 

[bluewhaleCA]

That might work ( DOI ! ) as I'm not inheriting any rights for these folders from the parent directories.. or plan on not doing so.
I'll experiment with it tomorrow.
Thanks!

Paul