Thanks Kurt. I'm halfway done doing all the folders individually, but I do see one big difference. I basically had a Secure folder and then 50 subs underneath it. You're doing it a smarter way - having varous groups of subfolders underneath the top level folder, and each group has different permissions. I'm going to switch to that soon which will make this muych more manageable. I wish I'd been able to figure out how to just assign restrictive permissions on the top level folder, and then pick and choose which folders to overwrite underneath that, but it just wasn't happening.
Thanks again! Evan -----Original Message----- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Thursday, June 23, 2011 12:50 PM To: NT System Admin Issues Subject: Re: Woah... why am I brain cramping on this!? (Folder permissions) The interesting NTFS permissions on the directory that is shared (K:\Groups) for my example are: Domain Users: Read-Execute - This folder only Read-Execute permissions include: Traverse Folder/Execute File List Folder/Read Data Read Attributes Read Extended Attributes Read Permissions On the next subdirectory (K:\Groups\Dummy), it's Domain Users: Read-Execute - This folder only On the subdirectory K:\Grouups\Dummy\Private (which is meant only for members of that department), the permissons are: DepartmentMembers: Modify - This folder, subfolders and files On the subdirectory k:\Groups\Dummy\Public (which is meant to be R-O for Domain users, but departement members have read-right), the permissions are: Domain Users: Read-Execute - This folder, subfolders and files DepartmentMembers: Modify - This folder, subfolders and files Kurt On Thu, Jun 23, 2011 at 09:33, Evan Brastow <ebras...@automatedemblem.com> wrote: > No luck. Even though all users now have Traverse folder/execute file and > List folder/read data rights on the top level folder, still no one can even > see that folder, nevermind subfolders. > > > > So, I guess I'm going to have to assign people a bunch of rights for the top > level folder, then I'll just go to each sub level folder manually and take > away their right there. > > > > Thanks all for trying to help. > > > > Evan > > > > > > From: Evan Brastow > Sent: Thursday, June 23, 2011 12:27 PM > > To: 'NT System Admin Issues' > Subject: RE: Woah... why am I brain cramping on this!? (Folder permissions) > > > > Darn.. I set all users to have the Traverse folder/execute file rights on > the top level folder, and they still can't even see the folder. Geesh... > I've got 15 users doing nothing while I'm figuring this out... lol > > > > I'm going to try assigning them the List folder/read date rights, too.. but > I'm afraid that will let them, list contents of subfolders within the top > level folder, too. Oh well.. I'll let you guys know how it goes. > > > > Evan > > > > From: Evan Brastow > Sent: Thursday, June 23, 2011 11:49 AM > To: 'NT System Admin Issues' > Subject: RE: Woah... why am I brain cramping on this!? (Folder permissions) > > > > Hrm.. one more question. I'll try FileACL tonight, but for now I'm just > setting permissions on the top level folder and then overriding those > permissions on the few folders I need to. Question is... what permission do > I need to give users to just see the sub level folders? I see Traverse > folder/execute file and List folder/read data which sound pertinent... but I > just want to be sure I know the end result of those options? > > > > Currently I'm back to where users can't even see that the top level folder > exists, which is not what I'm looking for.... > > > > Thanks again peoples... > > > > Evan > > > > > > > > From: Andrew S. Baker [mailto:asbz...@gmail.com] > Sent: Wednesday, June 22, 2011 6:34 PM > To: NT System Admin Issues > Subject: Re: Woah... why am I brain cramping on this!? (Folder permissions) > > > > Just remove the inheritance on the few folders that you need to setup > different permissions on, rather than from the root itself > > -ASB: http://about.me/Andrew.S.Baker > > Sent from my Motorola Droid > > On Jun 22, 2011 6:02 PM, "Evan Brastow" <ebras...@automatedemblem.com> > wrote: >> Amazingly simply question, but I've not done this in so long that I can't >> remember. >> >> I have a folder on my file server (Windows 2008 R2) called Secure. >> >> Within that folder there are around 50 subfolders. Most users have no >> access to these folder, but some do need access to a few. So I had set up >> SYSTEM and Domain Admin full control on the Secure top level folder. Then I >> tried to change the subfolders where some users needed permissions, but it >> told me the folder permissions couldn't be changed because they were >> inheriting from their parent. Do I need to get rid of inheritable >> permissions so that I can have a few folders that have different permission >> levels than their parent? >> >> If I get rid of inherited permissions, and have to go set all 50 folders >> manually, which would be a pain, what do I need to set them to? >> >> Essentially, I need User A to click on the Secure folder and see nothing >> in it (or the folder list could be shown, I don't care) but I need User B to >> click on the Secure folder and see (and be able to read/write to) the >> folders he needs to access and change. >> >> Help!!?? >> >> I know I had this set up before, but when I moved to a new server, I lost >> those permissions. >> >> Thanks, >> >> Evan >> >> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >> >> --- >> To manage subscriptions click here: >> http://lyris.sunbelt-software.com/read/my_forums/ >> or send an email to listmana...@lyris.sunbeltsoftware.com >> with the body: unsubscribe ntsysadmin > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
