Need help in WIndows Folder permissons

[irsh19]

HI All,

I need help in setting up folder permission on a shred folder,here is
the senario:

Main Folder (viz shared folder)
in main folder i need some 10 folders, such as Folder 01,Folder 02...
folder10
this folder 01-10 no one should delete except Administrator,inside the
folder 01 - 10 i set permessions for user01 to user10 respectively...
these folder 01- 10 should hav ful permissions for user01-10
respectively only....

i have done all the settings,but whn i login to a client pc with user01
n access the shares n select folder01 i am unable to delte tht folder
which i need bt in tht process the contents/sub folder or files of
folder 01 is getting deleted which i dnt wnt,

i wnt the user 01 shoud go insidethe folder01 n then delete bt nt frm
the top of folder01


can anyone tel me how to setup this permissions??


thnx in adv


--
irsh19
------------------------------------------------------------------------
irsh19's Profile: http://forums.techarena.in/members/123384.htm
View this thread: http://forums.techarena.in/windows-server-help/1246254.htm

http://forums.techarena.in

 

[Ace Fekay [MCT]]

"irsh19" wrote in message
news:irsh19.3yh5vb@DoNotSpam.com...
>
> HI All,
>
> I need help in setting up folder permission on a shred folder,here is
> the senario:
>
> Main Folder (viz shared folder)
> in main folder i need some 10 folders, such as Folder 01,Folder 02...
> folder10
> this folder 01-10 no one should delete except Administrator,inside the
> folder 01 - 10 i set permessions for user01 to user10 respectively...
> these folder 01- 10 should hav ful permissions for user01-10
> respectively only....
>
> i have done all the settings,but whn i login to a client pc with user01
> n access the shares n select folder01 i am unable to delte tht folder
> which i need bt in tht process the contents/sub folder or files of
> folder 01 is getting deleted which i dnt wnt,
>
> i wnt the user 01 shoud go insidethe folder01 n then delete bt nt frm
> the top of folder01
>
>
> can anyone tel me how to setup this permissions??
>
>
> thnx in adv
>
>
> --
> irsh19
> ------------------------------------------------------------------------
> irsh19's Profile: http://forums.techarena.in/members/123384.htm
> View this thread:
> http://forums.techarena.in/windows-server-help/1246254.htm
>
> http://forums.techarena.in
>


Your post is difficult to read because you are using instant messaging
shortcut notation spelling. Please try to fully spell out words and use
punctuation. It will help everyone understand the post and help you get
better responses. Sorry to say, and with all due respect, this is not My
Space or Twitter but an engineering newsgroup/forum,specifially Techareana
posts and pulls posts from the Microsoft public newsgroups.

As for the issue at hand, you stated that you setup the permissions. but you
didn't provide the exact steps and permissions you set, or if you've removed
the default permissions inh the ACL (such as Everyone, etc) or if you've
disabled inheritance.

From what it appears that I understand what you are trying to say, is you
want one common shared folder to access multiple sub-folders respectively
named for each user, such as a home folder share for all of your users.

Try the following steps. Keep in mind, the use of any Deny permisison is not
used in this scenario, nor is it necessary.

Create a top level folder, call it Users. Share it as Users. Set the Share
Permissions as:
Authenticated Users = Change
Domain Administrators = Full Control

Then set the NTFS Permissions (security tab) as:
Click Advanced, uncheck Inherited, click on Copy when the message pops
up
Remove Everyone. Leave everything else. Add the following:
Domain Admins = FC
Authenticated Users = Modify

Then create each subfolder based on their names, as I understand you are
trying to indicate. Then set each permissions individually. For example, for
User01, create the User01 Folder under the Users folder. Then set the NTFS
(security tab) permissions as thefollowing below.

Keep in mind, it is important that inheritance is disabled, as stated below
in each folder, so you that can remove the default Everyone or Domain users,
if they exist.

User01 Folder
Click Advanced, uncheck Inherited, click on Copy when the message pops
up
Remove Everyone and Domain users. Leave everything else. Add the
following:
Domain Admins = FC
User01 = FC

User02 Folder
Click Advanced, uncheck Inherited, click on Copy when the message pops
up
Remove Everyone and Domain users. Leave everything else. Add the
following:
Domain Admins = FC
User02 = FC

User03 Folder
etc...

If it still doesn't work, then you are missing a step somewhere.

Also, Keep in mind for the following, that Share permissions allows the
intial connection. Then the NTFS permissions are combined with the Share
permissions to provide the Most Restrictive. This means that if a user has
Full Control on the Share permissions, and Read on the NTFS permissions, the
Effective (resulting) permissions is the user will only have Read. If the
user has Change on the share, and not listed in the subfolder (such as
User01 is not listed in User02's ACL), then User01 cannot open User02's
folder. That's why we can set higher Share permissions at the parent for the
initial access, then control the resulting or Effective permissions with
NTFS. When a user is logged on successfully to a domain, an access token is
given the user account. The access token is compared to the ACL (Access
Control List) in the Share and NTFS (security tab) permissions to determine
access. The system simply uses the AD user account for access enumeration.

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Please reply back to the newsgroup or forum for collaboration benefit among
responding engineers, and to help others benefit from your resolution.

Ace Fekay, MCT, MCTS Exchange, MCSE, MCSA 2003 & 2000, MCSA Messaging
Microsoft Certified Trainer

For urgent issues, please contact Microsoft PSS directly. Please check
http://support.microsoft.com for regional support phone numbers.