Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chriss Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Setting Permissions

Status
Not open for further replies.
MarkLappin

MarkLappin

IS-IT--Management
Feb 5, 2004
86
US
Howdy All,

I have a rather complex permissions problem that I am fighting with and beating my head against the wall over something which should be fairly simple.

Essentially and of utmost priority I need to restrict the DELETE files and folders permission --- seems easy enough right? just uncheck or unset the delete bit/box. Well, no, then they're losing all ability to change files.

my server is in the middle of a few to many things right now for me to go and grab the exact settings but I will post a follow up in a little bit (after close of business and link to screen shots).

I'd also like to restrict the ability to create new folders but this also seems to remove teh modify/append data permission.

The problem I'm having with the prioroty one is that removing delete seems to set everything for teh users that they can read only. Now when I run "effective permissions" it looks fine, in my testing its fine (and I'm testing as a normal user, not a domain admin) but when everybody comes in the next day i get panic calls that nobody can save documents.

Any thoughts?
Mark L.
 
Sort by date Sort by votes
Sorry it took a while, I've been busy:

These are the permissions not working but lok like what I want, they're applied to the Z clients only, ZClient is not a real client, I've changed the name since this is legal data and attorney client-confidentiality applies; these are the permissions that do not work:

F:\clients\Z>cacls zClient
F:\clients\Z\ZClient rsctaxbusters\No Legal Data
Access:(OI)(CI)N
BUILTIN\Administrators:(OI)(CI)F
CREATOR OWNER:(OI)(CI)(IO)F
rsctaxbusters\Domain
Users:(OI)(CI)(special access:)
READ_CONTROL
SYNCHRONIZE
FILE_GENERIC_READ
FILE_GENERIC_WRITE
FILE_GENERIC_EXECUTE
FILE_READ_DATA
FILE_WRITE_DATA
FILE_APPEND_DATA
FILE_READ_EA
FILE_WRITE_EA
FILE_EXECUTE
FILE_READ_ATTRIBUTES
FILE_WRITE_ATTRIBUTES
NT AUTHORITY\SYSTEM:(OI)(CI)F


F:\clients\Z>



Here are the ones that DO work but it gives domain users FULL control which i don't want:

F:\clients\C\CClient rsctaxbusters\No Legal Data Access:(OI)(CI)N
rsctaxbusters\Domain Users:(OI)(CI)(special access:)
SYNCHRONIZE
FILE_APPEND_DATA

BUILTIN\Administrators:(OI)(CI)F
CREATOR OWNER:(OI)(CI)(IO)F
rsctaxbusters\Domain Users:(OI)(CI)F
NT AUTHORITY\SYSTEM:(OI)(CI)F


F:\clients\C>


----
Any help appreciated
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Scparks
  • Locked
  • Question
Trouble with setting up a SMTP Relay to Office 365
Replies
0
Views
276
Scparks
Scparks
ADB100
  • Locked
  • Question
Single Windows 7 Ultimate workstation not applying Registry, Drive Map or Printers GPO settings
Replies
1
Views
412
technome
technome
kurio71
  • Locked
  • Question
Clean Install of 2016 - NTFS permissions
Replies
1
Views
213
hairlessupportmonkey
hairlessupportmonkey
gbaughma
  • Locked
  • Question
Shared folder permissions
Replies
0
Views
138
gbaughma
gbaughma
froyed05
  • Locked
  • Question
DFSR local setting
Replies
0
Views
149
froyed05
froyed05

Part and Inventory Search

Sponsor

Back
Top