subject:"RE\: Woah... why am I brain cramping on this\!\? \(Folder permissions\)"

Re: Woah... why am I brain cramping on this!? (Folder permissions)

2011-06-23 Thread Kurt Buff

Sorry - got distracted, and sent a truncated list of permissions.

On K:\Groups\Dummy, the permissions are

The interesting NTFS permissions on the directory that is shared
(K:\Groups) for my example are:
Domain Users: Read-Execute - This folder only
 Read-Execute permissions include:
  Traverse Folder/Execute File
  List Folder/Read Data
  Read Attributes
  Read Extended Attributes
  Read Permissions
 Creator/Owner:Modify - Subfolders and files only
 DepartmentManagers: Special permissions - This folder and subfolder
  Traverse Folder/Execute File
  List Folder/Read Data
  Read Attributes
  Read Extended Attributes
  Read Permissions
  Create Folders/Append Data
  Write Attributes
  Write Extended Attributes
  Delete Subfolders and Files

Kurt


On Thu, Jun 23, 2011 at 09:33, Evan Brastow
 wrote:
> No luck. Even though all users now have Traverse folder/execute file  and
> List folder/read data rights on the top level folder, still no one can even
> see that folder, nevermind subfolders.
>
>
>
> So, I guess I'm going to have to assign people a bunch of rights for the top
> level folder, then I'll just go to each sub level folder manually and take
> away their right there.
>
>
>
> Thanks all for trying to help.
>
>
>
> Evan
>
>
>
>
>
> From: Evan Brastow
> Sent: Thursday, June 23, 2011 12:27 PM
>
> To: 'NT System Admin Issues'
> Subject: RE: Woah... why am I brain cramping on this!? (Folder permissions)
>
>
>
> Darn.. I set all users to have the Traverse folder/execute file rights on
> the top level folder, and they still can't even see the folder. Geesh...
> I've got 15 users doing nothing while I'm figuring this out... lol
>
>
>
> I'm going to try assigning them the List folder/read date rights, too.. but
> I'm afraid that will let them, list contents of subfolders within the top
> level folder, too. Oh well.. I'll let you guys know how it goes.
>
>
>
> Evan
>
>
>
> From: Evan Brastow
> Sent: Thursday, June 23, 2011 11:49 AM
> To: 'NT System Admin Issues'
> Subject: RE: Woah... why am I brain cramping on this!? (Folder permissions)
>
>
>
> Hrm.. one more question. I'll try FileACL tonight, but for now I'm just
> setting permissions on the top level folder and then overriding those
> permissions on the few folders I need to. Question is... what permission do
> I need to give users to just see the sub level folders? I see Traverse
> folder/execute file and List folder/read data which sound pertinent... but I
> just want to be sure I know the end result of those options?
>
>
>
> Currently I'm back to where users can't even see that the top level folder
> exists, which is not what I'm looking for
>
>
>
> Thanks again peoples...
>
>
>
> Evan
>
>
>
>
>
>
>
> From: Andrew S. Baker [mailto:asbz...@gmail.com]
> Sent: Wednesday, June 22, 2011 6:34 PM
> To: NT System Admin Issues
> Subject: Re: Woah... why am I brain cramping on this!? (Folder permissions)
>
>
>
> Just remove the inheritance on the few folders that you need to setup
> different permissions on, rather than from the root itself
>
> -ASB: http://about.me/Andrew.S.Baker
>
> Sent from my Motorola Droid
>
> On Jun 22, 2011 6:02 PM, "Evan Brastow" 
> wrote:
>> Amazingly simply question, but I've not done this in so long that I can't
>> remember.
>>
>> I have a folder on my file server (Windows 2008 R2) called Secure.
>>
>> Within that folder there are around 50 subfolders. Most users have no
>> access to these folder, but some do need access to a few. So I had set up
>> SYSTEM and Domain Admin full control on the Secure top level folder. Then I
>> tried to change the subfolders where some users needed permissions, but it
>> told me the folder permissions couldn't be changed because they were
>> inheriting from their parent. Do I need to get rid of inheritable
>> permissions so that I can have a few folders that have different permission
>> levels than their parent?
>>
>> If I get rid of inherited permissions, and have to go set all 50 folders
>> manually, which would be a pain, what do I need to set them to?
>>
>> Essentially, I need User A to click on the Secure folder and see nothing
>> in it (or the folder list could be shown, I don't care) but I need User B to
>> click on the Secure folder and see (and be able to read/write to) the
>>

RE: Woah... why am I brain cramping on this!? (Folder permissions)

2011-06-23 Thread Joseph Heaton

This is a share, right?  What are the share rights for the users?

>>> Evan Brastow  06/23/11 9:34 AM >>>
No luck. Even though all users now have Traverse folder/execute file  and  List 
folder/read data rights on the top level folder, still no one can even see that 
folder, nevermind subfolders.

So, I guess I'm going to have to assign people a bunch of rights for the top 
level folder, then I'll just go to each sub level folder manually and take away 
their right there.

Thanks all for trying to help.

Evan

From: Evan Brastow
Sent: Thursday, June 23, 2011 12:27 PM
To: 'NT System Admin Issues'
Subject: RE: Woah... why am I brain cramping on this!? (Folder permissions)

Darn.. I set all users to have the Traverse folder/execute file rights on the 
top level folder, and they still can't even see the folder. Geesh... I've got 
15 users doing nothing while I'm figuring this out... lol

I'm going to try assigning them the List folder/read date rights, too.. but I'm 
afraid that will let them, list contents of subfolders within the top level 
folder, too. Oh well.. I'll let you guys know how it goes.

Evan

From: Evan Brastow
Sent: Thursday, June 23, 2011 11:49 AM
To: 'NT System Admin Issues'
Subject: RE: Woah... why am I brain cramping on this!? (Folder permissions)

Hrm.. one more question. I'll try FileACL tonight, but for now I'm just setting 
permissions on the top level folder and then overriding those permissions on 
the few folders I need to. Question is... what permission do I need to give 
users to just see the sub level folders? I see Traverse folder/execute file and 
List folder/read data which sound pertinent... but I just want to be sure I 
know the end result of those options?

Currently I'm back to where users can't even see that the top level folder 
exists, which is not what I'm looking for

Thanks again peoples...

Evan

From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Wednesday, June 22, 2011 6:34 PM
To: NT System Admin Issues
Subject: Re: Woah... why am I brain cramping on this!? (Folder permissions)

Just remove the inheritance on the few folders that you need to setup different 
permissions on, rather than from the root itself

-ASB: http://about.me/Andrew.S.Baker

Sent from my Motorola Droid
On Jun 22, 2011 6:02 PM, "Evan Brastow" 
mailto:ebras...@automatedemblem.com>> wrote:
> Amazingly simply question, but I've not done this in so long that I can't 
> remember.
>
> I have a folder on my file server (Windows 2008 R2) called Secure.
>
> Within that folder there are around 50 subfolders. Most users have no access 
> to these folder, but some do need access to a few. So I had set up SYSTEM and 
> Domain Admin full control on the Secure top level folder. Then I tried to 
> change the subfolders where some users needed permissions, but it told me the 
> folder permissions couldn't be changed because they were inheriting from 
> their parent. Do I need to get rid of inheritable permissions so that I can 
> have a few folders that have different permission levels than their parent?
>
> If I get rid of inherited permissions, and have to go set all 50 folders 
> manually, which would be a pain, what do I need to set them to?
>
> Essentially, I need User A to click on the Secure folder and see nothing in 
> it (or the folder list could be shown, I don't care) but I need User B to 
> click on the Secure folder and see (and be able to read/write to) the folders 
> he needs to access and change.
>
> Help!!??
>
> I know I had this set up before, but when I moved to a new server, I lost 
> those permissions.
>
> Thanks,
>
> Evan
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
>
> ---
> To manage subscriptions click here: 
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to 
> listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
> with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysad

RE: Woah... why am I brain cramping on this!? (Folder permissions)

2011-06-23 Thread Evan Brastow

Thanks Kurt. I'm halfway done doing all the folders individually, but I do see 
one big difference. I basically had a Secure folder and then 50 subs underneath 
it. You're doing it a smarter way - having varous groups of subfolders 
underneath the top level folder, and each group has different permissions. I'm 
going to switch to that soon which will make this muych more manageable. I wish 
I'd been able to figure out how to just assign restrictive permissions on the 
top level folder, and then pick and choose which folders to overwrite 
underneath that, but it just wasn't happening.

Thanks again!

Evan 


-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com] 
Sent: Thursday, June 23, 2011 12:50 PM
To: NT System Admin Issues
Subject: Re: Woah... why am I brain cramping on this!? (Folder permissions)

The interesting NTFS permissions on the directory that is shared
(K:\Groups) for my example are:
 Domain Users: Read-Execute - This folder only
  Read-Execute permissions include:
   Traverse Folder/Execute File
   List Folder/Read Data
   Read Attributes
   Read Extended Attributes
   Read Permissions

On the next subdirectory (K:\Groups\Dummy), it's
 Domain Users: Read-Execute - This folder only

On the subdirectory K:\Grouups\Dummy\Private (which is meant only for
members of that department), the permissons are:
DepartmentMembers: Modify - This folder, subfolders and files

On the subdirectory k:\Groups\Dummy\Public (which is meant to be R-O
for Domain users, but departement members have read-right), the
permissions are:
 Domain Users: Read-Execute - This folder, subfolders and files
 DepartmentMembers: Modify - This folder, subfolders and files

Kurt

On Thu, Jun 23, 2011 at 09:33, Evan Brastow
 wrote:
> No luck. Even though all users now have Traverse folder/execute file  and
> List folder/read data rights on the top level folder, still no one can even
> see that folder, nevermind subfolders.
>
>
>
> So, I guess I'm going to have to assign people a bunch of rights for the top
> level folder, then I'll just go to each sub level folder manually and take
> away their right there.
>
>
>
> Thanks all for trying to help.
>
>
>
> Evan
>
>
>
>
>
> From: Evan Brastow
> Sent: Thursday, June 23, 2011 12:27 PM
>
> To: 'NT System Admin Issues'
> Subject: RE: Woah... why am I brain cramping on this!? (Folder permissions)
>
>
>
> Darn.. I set all users to have the Traverse folder/execute file rights on
> the top level folder, and they still can't even see the folder. Geesh...
> I've got 15 users doing nothing while I'm figuring this out... lol
>
>
>
> I'm going to try assigning them the List folder/read date rights, too.. but
> I'm afraid that will let them, list contents of subfolders within the top
> level folder, too. Oh well.. I'll let you guys know how it goes.
>
>
>
> Evan
>
>
>
> From: Evan Brastow
> Sent: Thursday, June 23, 2011 11:49 AM
> To: 'NT System Admin Issues'
> Subject: RE: Woah... why am I brain cramping on this!? (Folder permissions)
>
>
>
> Hrm.. one more question. I'll try FileACL tonight, but for now I'm just
> setting permissions on the top level folder and then overriding those
> permissions on the few folders I need to. Question is... what permission do
> I need to give users to just see the sub level folders? I see Traverse
> folder/execute file and List folder/read data which sound pertinent... but I
> just want to be sure I know the end result of those options?
>
>
>
> Currently I'm back to where users can't even see that the top level folder
> exists, which is not what I'm looking for
>
>
>
> Thanks again peoples...
>
>
>
> Evan
>
>
>
>
>
>
>
> From: Andrew S. Baker [mailto:asbz...@gmail.com]
> Sent: Wednesday, June 22, 2011 6:34 PM
> To: NT System Admin Issues
> Subject: Re: Woah... why am I brain cramping on this!? (Folder permissions)
>
>
>
> Just remove the inheritance on the few folders that you need to setup
> different permissions on, rather than from the root itself
>
> -ASB: http://about.me/Andrew.S.Baker
>
> Sent from my Motorola Droid
>
> On Jun 22, 2011 6:02 PM, "Evan Brastow" 
> wrote:
>> Amazingly simply question, but I've not done this in so long that I can't
>> remember.
>>
>> I have a folder on my file server (Windows 2008 R2) called Secure.
>>
>> Within that folder there are around 50 subfolders. Most users have no
>> access to these folder, but some do need access to a few. So I had set up
>> SYSTE

Re: Woah... why am I brain cramping on this!? (Folder permissions)

2011-06-23 Thread Kurt Buff

The interesting NTFS permissions on the directory that is shared
(K:\Groups) for my example are:
 Domain Users: Read-Execute - This folder only
  Read-Execute permissions include:
   Traverse Folder/Execute File
   List Folder/Read Data
   Read Attributes
   Read Extended Attributes
   Read Permissions

On the next subdirectory (K:\Groups\Dummy), it's
 Domain Users: Read-Execute - This folder only

On the subdirectory K:\Grouups\Dummy\Private (which is meant only for
members of that department), the permissons are:
DepartmentMembers: Modify - This folder, subfolders and files

On the subdirectory k:\Groups\Dummy\Public (which is meant to be R-O
for Domain users, but departement members have read-right), the
permissions are:
 Domain Users: Read-Execute - This folder, subfolders and files
 DepartmentMembers: Modify - This folder, subfolders and files

Kurt

On Thu, Jun 23, 2011 at 09:33, Evan Brastow
 wrote:
> No luck. Even though all users now have Traverse folder/execute file  and
> List folder/read data rights on the top level folder, still no one can even
> see that folder, nevermind subfolders.
>
>
>
> So, I guess I'm going to have to assign people a bunch of rights for the top
> level folder, then I'll just go to each sub level folder manually and take
> away their right there.
>
>
>
> Thanks all for trying to help.
>
>
>
> Evan
>
>
>
>
>
> From: Evan Brastow
> Sent: Thursday, June 23, 2011 12:27 PM
>
> To: 'NT System Admin Issues'
> Subject: RE: Woah... why am I brain cramping on this!? (Folder permissions)
>
>
>
> Darn.. I set all users to have the Traverse folder/execute file rights on
> the top level folder, and they still can't even see the folder. Geesh...
> I've got 15 users doing nothing while I'm figuring this out... lol
>
>
>
> I'm going to try assigning them the List folder/read date rights, too.. but
> I'm afraid that will let them, list contents of subfolders within the top
> level folder, too. Oh well.. I'll let you guys know how it goes.
>
>
>
> Evan
>
>
>
> From: Evan Brastow
> Sent: Thursday, June 23, 2011 11:49 AM
> To: 'NT System Admin Issues'
> Subject: RE: Woah... why am I brain cramping on this!? (Folder permissions)
>
>
>
> Hrm.. one more question. I'll try FileACL tonight, but for now I'm just
> setting permissions on the top level folder and then overriding those
> permissions on the few folders I need to. Question is... what permission do
> I need to give users to just see the sub level folders? I see Traverse
> folder/execute file and List folder/read data which sound pertinent... but I
> just want to be sure I know the end result of those options?
>
>
>
> Currently I'm back to where users can't even see that the top level folder
> exists, which is not what I'm looking for
>
>
>
> Thanks again peoples...
>
>
>
> Evan
>
>
>
>
>
>
>
> From: Andrew S. Baker [mailto:asbz...@gmail.com]
> Sent: Wednesday, June 22, 2011 6:34 PM
> To: NT System Admin Issues
> Subject: Re: Woah... why am I brain cramping on this!? (Folder permissions)
>
>
>
> Just remove the inheritance on the few folders that you need to setup
> different permissions on, rather than from the root itself
>
> -ASB: http://about.me/Andrew.S.Baker
>
> Sent from my Motorola Droid
>
> On Jun 22, 2011 6:02 PM, "Evan Brastow" 
> wrote:
>> Amazingly simply question, but I've not done this in so long that I can't
>> remember.
>>
>> I have a folder on my file server (Windows 2008 R2) called Secure.
>>
>> Within that folder there are around 50 subfolders. Most users have no
>> access to these folder, but some do need access to a few. So I had set up
>> SYSTEM and Domain Admin full control on the Secure top level folder. Then I
>> tried to change the subfolders where some users needed permissions, but it
>> told me the folder permissions couldn't be changed because they were
>> inheriting from their parent. Do I need to get rid of inheritable
>> permissions so that I can have a few folders that have different permission
>> levels than their parent?
>>
>> If I get rid of inherited permissions, and have to go set all 50 folders
>> manually, which would be a pain, what do I need to set them to?
>>
>> Essentially, I need User A to click on the Secure folder and see nothing
>> in it (or the folder list could be shown, I don't care) but I need User B to
>> click on the Secure folder and see (and be able to read/write to) the
&g

RE: Woah... why am I brain cramping on this!? (Folder permissions)

2011-06-23 Thread Evan Brastow

No luck. Even though all users now have Traverse folder/execute file  and  List 
folder/read data rights on the top level folder, still no one can even see that 
folder, nevermind subfolders.

So, I guess I'm going to have to assign people a bunch of rights for the top 
level folder, then I'll just go to each sub level folder manually and take away 
their right there.

Thanks all for trying to help.

Evan

From: Evan Brastow
Sent: Thursday, June 23, 2011 12:27 PM
To: 'NT System Admin Issues'
Subject: RE: Woah... why am I brain cramping on this!? (Folder permissions)

Darn.. I set all users to have the Traverse folder/execute file rights on the 
top level folder, and they still can't even see the folder. Geesh... I've got 
15 users doing nothing while I'm figuring this out... lol

I'm going to try assigning them the List folder/read date rights, too.. but I'm 
afraid that will let them, list contents of subfolders within the top level 
folder, too. Oh well.. I'll let you guys know how it goes.

Evan

From: Evan Brastow
Sent: Thursday, June 23, 2011 11:49 AM
To: 'NT System Admin Issues'
Subject: RE: Woah... why am I brain cramping on this!? (Folder permissions)

Hrm.. one more question. I'll try FileACL tonight, but for now I'm just setting 
permissions on the top level folder and then overriding those permissions on 
the few folders I need to. Question is... what permission do I need to give 
users to just see the sub level folders? I see Traverse folder/execute file and 
List folder/read data which sound pertinent... but I just want to be sure I 
know the end result of those options?

Currently I'm back to where users can't even see that the top level folder 
exists, which is not what I'm looking for

Thanks again peoples...

Evan

From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Wednesday, June 22, 2011 6:34 PM
To: NT System Admin Issues
Subject: Re: Woah... why am I brain cramping on this!? (Folder permissions)

Just remove the inheritance on the few folders that you need to setup different 
permissions on, rather than from the root itself

-ASB: http://about.me/Andrew.S.Baker

Sent from my Motorola Droid
On Jun 22, 2011 6:02 PM, "Evan Brastow" 
mailto:ebras...@automatedemblem.com>> wrote:
> Amazingly simply question, but I've not done this in so long that I can't 
> remember.
>
> I have a folder on my file server (Windows 2008 R2) called Secure.
>
> Within that folder there are around 50 subfolders. Most users have no access 
> to these folder, but some do need access to a few. So I had set up SYSTEM and 
> Domain Admin full control on the Secure top level folder. Then I tried to 
> change the subfolders where some users needed permissions, but it told me the 
> folder permissions couldn't be changed because they were inheriting from 
> their parent. Do I need to get rid of inheritable permissions so that I can 
> have a few folders that have different permission levels than their parent?
>
> If I get rid of inherited permissions, and have to go set all 50 folders 
> manually, which would be a pain, what do I need to set them to?
>
> Essentially, I need User A to click on the Secure folder and see nothing in 
> it (or the folder list could be shown, I don't care) but I need User B to 
> click on the Secure folder and see (and be able to read/write to) the folders 
> he needs to access and change.
>
> Help!!??
>
> I know I had this set up before, but when I moved to a new server, I lost 
> those permissions.
>
> Thanks,
>
> Evan
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
>
> ---
> To manage subscriptions click here: 
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to 
> listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
> with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Woah... why am I brain cramping on this!? (Folder permissions)

2011-06-23 Thread Evan Brastow

Darn.. I set all users to have the Traverse folder/execute file rights on the 
top level folder, and they still can't even see the folder. Geesh... I've got 
15 users doing nothing while I'm figuring this out... lol

I'm going to try assigning them the List folder/read date rights, too.. but I'm 
afraid that will let them, list contents of subfolders within the top level 
folder, too. Oh well.. I'll let you guys know how it goes.

Evan

From: Evan Brastow
Sent: Thursday, June 23, 2011 11:49 AM
To: 'NT System Admin Issues'
Subject: RE: Woah... why am I brain cramping on this!? (Folder permissions)

Hrm.. one more question. I'll try FileACL tonight, but for now I'm just setting 
permissions on the top level folder and then overriding those permissions on 
the few folders I need to. Question is... what permission do I need to give 
users to just see the sub level folders? I see Traverse folder/execute file and 
List folder/read data which sound pertinent... but I just want to be sure I 
know the end result of those options?

Currently I'm back to where users can't even see that the top level folder 
exists, which is not what I'm looking for

Thanks again peoples...

Evan

From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Wednesday, June 22, 2011 6:34 PM
To: NT System Admin Issues
Subject: Re: Woah... why am I brain cramping on this!? (Folder permissions)

Just remove the inheritance on the few folders that you need to setup different 
permissions on, rather than from the root itself

-ASB: http://about.me/Andrew.S.Baker

Sent from my Motorola Droid
On Jun 22, 2011 6:02 PM, "Evan Brastow" 
mailto:ebras...@automatedemblem.com>> wrote:
> Amazingly simply question, but I've not done this in so long that I can't 
> remember.
>
> I have a folder on my file server (Windows 2008 R2) called Secure.
>
> Within that folder there are around 50 subfolders. Most users have no access 
> to these folder, but some do need access to a few. So I had set up SYSTEM and 
> Domain Admin full control on the Secure top level folder. Then I tried to 
> change the subfolders where some users needed permissions, but it told me the 
> folder permissions couldn't be changed because they were inheriting from 
> their parent. Do I need to get rid of inheritable permissions so that I can 
> have a few folders that have different permission levels than their parent?
>
> If I get rid of inherited permissions, and have to go set all 50 folders 
> manually, which would be a pain, what do I need to set them to?
>
> Essentially, I need User A to click on the Secure folder and see nothing in 
> it (or the folder list could be shown, I don't care) but I need User B to 
> click on the Secure folder and see (and be able to read/write to) the folders 
> he needs to access and change.
>
> Help!!??
>
> I know I had this set up before, but when I moved to a new server, I lost 
> those permissions.
>
> Thanks,
>
> Evan
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
>
> ---
> To manage subscriptions click here: 
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to 
> listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
> with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Woah... why am I brain cramping on this!? (Folder permissions)

2011-06-23 Thread Kurt Buff

Be aware that the first line sets permissions at the root of the
drive, and propagates them down the entire tree.

Please read the web site for gbordier's tool before running amok with it.

On Thu, Jun 23, 2011 at 07:24, Evan Brastow
 wrote:
> Thank you Kurt. I may try this tool. I think the main challenge I was running 
> into was that if I set permissions on the top level directory to only SYSTEM 
> and Domain Admins, then even if I set read/write permissions on the 
> subfolders I wanted users to have access to, they couldn't even see the 
> folder. I'm going to try your template on a test directory as you suggested 
> so I can see if I can figure out what it's doing :)
>
> Evan
>
>
>
>
> -Original Message-
> From: Kurt Buff [mailto:kurt.b...@gmail.com]
> Sent: Wednesday, June 22, 2011 6:36 PM
> To: NT System Admin Issues
> Subject: Re: Woah... why am I brain cramping on this!? (Folder permissions)
>
> Evan,
>
> Don't get rid of inheritance as such, because it's your friend.
>
> Instead, work your way down from the top, and set the permissions on
> individual directories. We made a very deliberate decision to limit
> applications of permissions to no deeper than the 2nd subdirectory
> underneath the spot where the share lives.
>
> On the k$ drive on my file server, I have a directory called Groups
> that's shared to the world. Each department's directory in that shared
> directory is set up in the style of the dummy directory above. That
> first line is the secret sauce here - the permissions for Domain Users
> are limited to the top level (they can see the subdirectories and
> files, but can't navigate into the directories and the files at the
> root are R-O), and then subdirectories are given the explicit
> permissions needed.
>
> I use fileacl.exe to work through these situations, and this is the
> template I use to start with:
>
> FILEACL k:\ /S "BUILTIN\Administrators":F /S "NT AUTHORITY\SYSTEM":F
> /REPLACE /PROTECT
> FILEACL "k:\Groups" /S "EXAMPLE\Domain Users":RX/U/U
> FILEACL "k:\Groups\Dummy" /S "BUILTIN\Administrators":RWXD/U/U /S
> "CREATOR OWNER":U/RWXD/RWXD /S "EXAMPLE\Domain Users":RX/U/U /S
> "EXAMPLE\US-HomeGroupsDummyManagers":RAWaWeXDc/U
> FILEACL "k:\Groups\Dummy\Private" /S
> "EXAMPLE\US-HomeGroupsDummyUsers":RWXD /S
> "EXAMPLE\US-HomeGroupsDummyManagers":RWXD
> FILEACL "k:\Groups\Dummy\Public" /S
> "EXAMPLE\US-HomeGroupsDummyUsers":RWXD /S
> "EXAMPLE\US-HomeGroupsDummyManagers":RWXD /S "EXAMPLE\Domain Users":RX
>
> Fileacl.exe is a really good tool, well suited for this task. Modify
> the above to experiment with a test directory, then examine the
> permissions through the Properties dialog, and you'll see what's
> happening really quickly.
>
> BTW - This is the text of the Readme.txt file at the root of each
> department's directory, suitably modified, of course:
>
> --
> Directions for using this directory:
>
> 1) Only new directories can be created at the top level of this
> directory - not new files - and those can only be created by members
> of US-GroupsDummyManagers or by IT.
>
> 2) If a new top-level directory is created, initial permissions on it
> will only be for US-GroupsDummyManagers - any further permissions will
> need to be added by IT.
>
> 3) Permissions will only be placed on top-level directories within the
> departmental directory. If permissions need to be modified further
> down the directory tree, the subdirectory in question should be moved
> to another top-level folder inside of you're deparment's directory.
>
> If you have any questions or concerns about how this works, please
> submit a helpdesk ticket.
> 
>
> Kurt
>
> On Wed, Jun 22, 2011 at 15:02, Evan Brastow
>  wrote:
>> Amazingly simply question, but I've not done this in so long that I can't
>> remember.
>>
>>
>>
>> I have a folder on my file server (Windows 2008 R2) called Secure.
>>
>>
>>
>> Within that folder there are around 50 subfolders. Most users have no access
>> to these folder, but some do need access to a few. So I had set up SYSTEM
>> and Domain Admin full control on the Secure top level folder. Then I tried
>> to change the subfolders where some users needed permissions, but it told me
>> the folder permissions couldn't be changed because they were inheriting from
>> their parent. Do I need to get rid of inheritable permissions so that I can
>> have a few folders that have d

RE: Woah... why am I brain cramping on this!? (Folder permissions)

2011-06-23 Thread Evan Brastow

Hrm.. one more question. I'll try FileACL tonight, but for now I'm just setting 
permissions on the top level folder and then overriding those permissions on 
the few folders I need to. Question is... what permission do I need to give 
users to just see the sub level folders? I see Traverse folder/execute file and 
List folder/read data which sound pertinent... but I just want to be sure I 
know the end result of those options?

Currently I'm back to where users can't even see that the top level folder 
exists, which is not what I'm looking for

Thanks again peoples...

Evan



From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Wednesday, June 22, 2011 6:34 PM
To: NT System Admin Issues
Subject: Re: Woah... why am I brain cramping on this!? (Folder permissions)


Just remove the inheritance on the few folders that you need to setup different 
permissions on, rather than from the root itself

-ASB: http://about.me/Andrew.S.Baker

Sent from my Motorola Droid
On Jun 22, 2011 6:02 PM, "Evan Brastow" 
mailto:ebras...@automatedemblem.com>> wrote:
> Amazingly simply question, but I've not done this in so long that I can't 
> remember.
>
> I have a folder on my file server (Windows 2008 R2) called Secure.
>
> Within that folder there are around 50 subfolders. Most users have no access 
> to these folder, but some do need access to a few. So I had set up SYSTEM and 
> Domain Admin full control on the Secure top level folder. Then I tried to 
> change the subfolders where some users needed permissions, but it told me the 
> folder permissions couldn't be changed because they were inheriting from 
> their parent. Do I need to get rid of inheritable permissions so that I can 
> have a few folders that have different permission levels than their parent?
>
> If I get rid of inherited permissions, and have to go set all 50 folders 
> manually, which would be a pain, what do I need to set them to?
>
> Essentially, I need User A to click on the Secure folder and see nothing in 
> it (or the folder list could be shown, I don't care) but I need User B to 
> click on the Secure folder and see (and be able to read/write to) the folders 
> he needs to access and change.
>
> Help!!??
>
> I know I had this set up before, but when I moved to a new server, I lost 
> those permissions.
>
> Thanks,
>
> Evan
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
>
> ---
> To manage subscriptions click here: 
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to 
> listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
> with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Woah... why am I brain cramping on this!? (Folder permissions)

2011-06-23 Thread Evan Brastow

Thank you Kurt. I may try this tool. I think the main challenge I was running 
into was that if I set permissions on the top level directory to only SYSTEM 
and Domain Admins, then even if I set read/write permissions on the subfolders 
I wanted users to have access to, they couldn't even see the folder. I'm going 
to try your template on a test directory as you suggested so I can see if I can 
figure out what it's doing :)

Evan

-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com] 
Sent: Wednesday, June 22, 2011 6:36 PM
To: NT System Admin Issues
Subject: Re: Woah... why am I brain cramping on this!? (Folder permissions)

Evan,

Don't get rid of inheritance as such, because it's your friend.

Instead, work your way down from the top, and set the permissions on
individual directories. We made a very deliberate decision to limit
applications of permissions to no deeper than the 2nd subdirectory
underneath the spot where the share lives.

On the k$ drive on my file server, I have a directory called Groups
that's shared to the world. Each department's directory in that shared
directory is set up in the style of the dummy directory above. That
first line is the secret sauce here - the permissions for Domain Users
are limited to the top level (they can see the subdirectories and
files, but can't navigate into the directories and the files at the
root are R-O), and then subdirectories are given the explicit
permissions needed.

I use fileacl.exe to work through these situations, and this is the
template I use to start with:

FILEACL k:\ /S "BUILTIN\Administrators":F /S "NT AUTHORITY\SYSTEM":F
/REPLACE /PROTECT
FILEACL "k:\Groups" /S "EXAMPLE\Domain Users":RX/U/U
FILEACL "k:\Groups\Dummy" /S "BUILTIN\Administrators":RWXD/U/U /S
"CREATOR OWNER":U/RWXD/RWXD /S "EXAMPLE\Domain Users":RX/U/U /S
"EXAMPLE\US-HomeGroupsDummyManagers":RAWaWeXDc/U
FILEACL "k:\Groups\Dummy\Private" /S
"EXAMPLE\US-HomeGroupsDummyUsers":RWXD /S
"EXAMPLE\US-HomeGroupsDummyManagers":RWXD
FILEACL "k:\Groups\Dummy\Public" /S
"EXAMPLE\US-HomeGroupsDummyUsers":RWXD /S
"EXAMPLE\US-HomeGroupsDummyManagers":RWXD /S "EXAMPLE\Domain Users":RX

Fileacl.exe is a really good tool, well suited for this task. Modify
the above to experiment with a test directory, then examine the
permissions through the Properties dialog, and you'll see what's
happening really quickly.

BTW - This is the text of the Readme.txt file at the root of each
department's directory, suitably modified, of course:

--
Directions for using this directory:

1) Only new directories can be created at the top level of this
directory - not new files - and those can only be created by members
of US-GroupsDummyManagers or by IT.

2) If a new top-level directory is created, initial permissions on it
will only be for US-GroupsDummyManagers - any further permissions will
need to be added by IT.

3) Permissions will only be placed on top-level directories within the
departmental directory. If permissions need to be modified further
down the directory tree, the subdirectory in question should be moved
to another top-level folder inside of you're deparment's directory.

If you have any questions or concerns about how this works, please
submit a helpdesk ticket.

Kurt

On Wed, Jun 22, 2011 at 15:02, Evan Brastow
 wrote:
> Amazingly simply question, but I've not done this in so long that I can't
> remember.
>
>
>
> I have a folder on my file server (Windows 2008 R2) called Secure.
>
>
>
> Within that folder there are around 50 subfolders. Most users have no access
> to these folder, but some do need access to a few. So I had set up SYSTEM
> and Domain Admin full control on the Secure top level folder. Then I tried
> to change the subfolders where some users needed permissions, but it told me
> the folder permissions couldn't be changed because they were inheriting from
> their parent. Do I need to get rid of inheritable permissions so that I can
> have a few folders that have different permission levels than their parent?
>
>
>
> If I get rid of inherited permissions, and have to go set all 50 folders
> manually, which would be a pain, what do I need to set them to?
>
>
>
> Essentially, I need User A to click on the Secure folder and see nothing in
> it (or the folder list could be shown, I don't care) but I need User B to
> click on the Secure folder and see (and be able to read/write to) the
> folders he needs to access and change.
>
>
>
> Help!!??
>
>
>
> I know I had this set up before, but when I moved to a new server, I lost
> those permissions.
>
>
>
> Thanks,
>
>
>
> Evan

RE: Woah... why am I brain cramping on this!? (Folder permissions)

2011-06-23 Thread Evan Brastow

Thank you to all for replying. I'll have to wait until tonight to redo the 
permissions but it's coming back to me now. Weird when you don't do something 
for a long time and the simplest thing seems to escape you.

Thanks again,

Evan

From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Wednesday, June 22, 2011 6:34 PM
To: NT System Admin Issues
Subject: Re: Woah... why am I brain cramping on this!? (Folder permissions)


Just remove the inheritance on the few folders that you need to setup different 
permissions on, rather than from the root itself

-ASB: http://about.me/Andrew.S.Baker

Sent from my Motorola Droid
On Jun 22, 2011 6:02 PM, "Evan Brastow" 
mailto:ebras...@automatedemblem.com>> wrote:
> Amazingly simply question, but I've not done this in so long that I can't 
> remember.
>
> I have a folder on my file server (Windows 2008 R2) called Secure.
>
> Within that folder there are around 50 subfolders. Most users have no access 
> to these folder, but some do need access to a few. So I had set up SYSTEM and 
> Domain Admin full control on the Secure top level folder. Then I tried to 
> change the subfolders where some users needed permissions, but it told me the 
> folder permissions couldn't be changed because they were inheriting from 
> their parent. Do I need to get rid of inheritable permissions so that I can 
> have a few folders that have different permission levels than their parent?
>
> If I get rid of inherited permissions, and have to go set all 50 folders 
> manually, which would be a pain, what do I need to set them to?
>
> Essentially, I need User A to click on the Secure folder and see nothing in 
> it (or the folder list could be shown, I don't care) but I need User B to 
> click on the Secure folder and see (and be able to read/write to) the folders 
> he needs to access and change.
>
> Help!!??
>
> I know I had this set up before, but when I moved to a new server, I lost 
> those permissions.
>
> Thanks,
>
> Evan
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
>
> ---
> To manage subscriptions click here: 
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to 
> listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
> with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Woah... why am I brain cramping on this!? (Folder permissions)

2011-06-23 Thread Mike Leone

On 6/22/2011 6:18 PM, Art DeKneef wrote:
> If you stop Inheritable permissions from the top level folder, the
> bottom folders retain the current permissions. 

Unless you replace permissions on the subfolders. That's what we do,
when we seize ownership - we also copy the permissions to the the
sub-folders, change the permissions, then tell it to replace permissions.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Woah... why am I brain cramping on this!? (Folder permissions)

2011-06-22 Thread Kurt Buff

Sigh.

Watch for wrapping in my fileacl example syntax. There are 5 lines,
and each line should begin with fileacl.

And, this is the URL where you can download this tool:
http://www.gbordier.com/gbtools/fileacl.asp

Kurt

On Wed, Jun 22, 2011 at 15:02, Evan Brastow
 wrote:
> Amazingly simply question, but I've not done this in so long that I can't
> remember.
>
>
>
> I have a folder on my file server (Windows 2008 R2) called Secure.
>
>
>
> Within that folder there are around 50 subfolders. Most users have no access
> to these folder, but some do need access to a few. So I had set up SYSTEM
> and Domain Admin full control on the Secure top level folder. Then I tried
> to change the subfolders where some users needed permissions, but it told me
> the folder permissions couldn't be changed because they were inheriting from
> their parent. Do I need to get rid of inheritable permissions so that I can
> have a few folders that have different permission levels than their parent?
>
>
>
> If I get rid of inherited permissions, and have to go set all 50 folders
> manually, which would be a pain, what do I need to set them to?
>
>
>
> Essentially, I need User A to click on the Secure folder and see nothing in
> it (or the folder list could be shown, I don't care) but I need User B to
> click on the Secure folder and see (and be able to read/write to) the
> folders he needs to access and change.
>
>
>
> Help!!??
>
>
>
> I know I had this set up before, but when I moved to a new server, I lost
> those permissions.
>
>
>
> Thanks,
>
>
>
> Evan
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Woah... why am I brain cramping on this!? (Folder permissions)

2011-06-22 Thread Kurt Buff

Evan,

Don't get rid of inheritance as such, because it's your friend.

Instead, work your way down from the top, and set the permissions on
individual directories. We made a very deliberate decision to limit
applications of permissions to no deeper than the 2nd subdirectory
underneath the spot where the share lives.

On the k$ drive on my file server, I have a directory called Groups
that's shared to the world. Each department's directory in that shared
directory is set up in the style of the dummy directory above. That
first line is the secret sauce here - the permissions for Domain Users
are limited to the top level (they can see the subdirectories and
files, but can't navigate into the directories and the files at the
root are R-O), and then subdirectories are given the explicit
permissions needed.

I use fileacl.exe to work through these situations, and this is the
template I use to start with:

FILEACL k:\ /S "BUILTIN\Administrators":F /S "NT AUTHORITY\SYSTEM":F
/REPLACE /PROTECT
FILEACL "k:\Groups" /S "EXAMPLE\Domain Users":RX/U/U
FILEACL "k:\Groups\Dummy" /S "BUILTIN\Administrators":RWXD/U/U /S
"CREATOR OWNER":U/RWXD/RWXD /S "EXAMPLE\Domain Users":RX/U/U /S
"EXAMPLE\US-HomeGroupsDummyManagers":RAWaWeXDc/U
FILEACL "k:\Groups\Dummy\Private" /S
"EXAMPLE\US-HomeGroupsDummyUsers":RWXD /S
"EXAMPLE\US-HomeGroupsDummyManagers":RWXD
FILEACL "k:\Groups\Dummy\Public" /S
"EXAMPLE\US-HomeGroupsDummyUsers":RWXD /S
"EXAMPLE\US-HomeGroupsDummyManagers":RWXD /S "EXAMPLE\Domain Users":RX

Fileacl.exe is a really good tool, well suited for this task. Modify
the above to experiment with a test directory, then examine the
permissions through the Properties dialog, and you'll see what's
happening really quickly.

BTW - This is the text of the Readme.txt file at the root of each
department's directory, suitably modified, of course:

--
Directions for using this directory:

1) Only new directories can be created at the top level of this
directory - not new files - and those can only be created by members
of US-GroupsDummyManagers or by IT.

2) If a new top-level directory is created, initial permissions on it
will only be for US-GroupsDummyManagers - any further permissions will
need to be added by IT.

3) Permissions will only be placed on top-level directories within the
departmental directory. If permissions need to be modified further
down the directory tree, the subdirectory in question should be moved
to another top-level folder inside of you're deparment's directory.

If you have any questions or concerns about how this works, please
submit a helpdesk ticket.

Kurt

On Wed, Jun 22, 2011 at 15:02, Evan Brastow
 wrote:
> Amazingly simply question, but I've not done this in so long that I can't
> remember.
>
>
>
> I have a folder on my file server (Windows 2008 R2) called Secure.
>
>
>
> Within that folder there are around 50 subfolders. Most users have no access
> to these folder, but some do need access to a few. So I had set up SYSTEM
> and Domain Admin full control on the Secure top level folder. Then I tried
> to change the subfolders where some users needed permissions, but it told me
> the folder permissions couldn't be changed because they were inheriting from
> their parent. Do I need to get rid of inheritable permissions so that I can
> have a few folders that have different permission levels than their parent?
>
>
>
> If I get rid of inherited permissions, and have to go set all 50 folders
> manually, which would be a pain, what do I need to set them to?
>
>
>
> Essentially, I need User A to click on the Secure folder and see nothing in
> it (or the folder list could be shown, I don't care) but I need User B to
> click on the Secure folder and see (and be able to read/write to) the
> folders he needs to access and change.
>
>
>
> Help!!??
>
>
>
> I know I had this set up before, but when I moved to a new server, I lost
> those permissions.
>
>
>
> Thanks,
>
>
>
> Evan
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Woah... why am I brain cramping on this!? (Folder permissions)

2011-06-22 Thread Andrew S. Baker

Just remove the inheritance on the few folders that you need to setup
different permissions on, rather than from the root itself

-ASB: http://about.me/Andrew.S.Baker

Sent from my Motorola Droid
 On Jun 22, 2011 6:02 PM, "Evan Brastow" 
wrote:
> Amazingly simply question, but I've not done this in so long that I can't
remember.
>
> I have a folder on my file server (Windows 2008 R2) called Secure.
>
> Within that folder there are around 50 subfolders. Most users have no
access to these folder, but some do need access to a few. So I had set up
SYSTEM and Domain Admin full control on the Secure top level folder. Then I
tried to change the subfolders where some users needed permissions, but it
told me the folder permissions couldn't be changed because they were
inheriting from their parent. Do I need to get rid of inheritable
permissions so that I can have a few folders that have different permission
levels than their parent?
>
> If I get rid of inherited permissions, and have to go set all 50 folders
manually, which would be a pain, what do I need to set them to?
>
> Essentially, I need User A to click on the Secure folder and see nothing
in it (or the folder list could be shown, I don't care) but I need User B to
click on the Secure folder and see (and be able to read/write to) the
folders he needs to access and change.
>
> Help!!??
>
> I know I had this set up before, but when I moved to a new server, I lost
those permissions.
>
> Thanks,
>
> Evan
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~  ~
>
> ---
> To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Woah... why am I brain cramping on this!? (Folder permissions)

2011-06-22 Thread Art DeKneef

If you stop Inheritable permissions from the top level folder, the bottom
folders retain the current permissions. And allow you to change permissions
on the individual folders.

 

Also you might look into Access Based Enumeration on the new server. That
way users only see folders they have access to.

 

Art

 

From: Evan Brastow [mailto:ebras...@automatedemblem.com] 
Sent: Wednesday, June 22, 2011 3:02 PM
To: NT System Admin Issues
Subject: Woah... why am I brain cramping on this!? (Folder permissions)

 

Amazingly simply question, but I've not done this in so long that I can't
remember.

 

I have a folder on my file server (Windows 2008 R2) called Secure.

 

Within that folder there are around 50 subfolders. Most users have no access
to these folder, but some do need access to a few. So I had set up SYSTEM
and Domain Admin full control on the Secure top level folder. Then I tried
to change the subfolders where some users needed permissions, but it told me
the folder permissions couldn't be changed because they were inheriting from
their parent. Do I need to get rid of inheritable permissions so that I can
have a few folders that have different permission levels than their parent?

 

If I get rid of inherited permissions, and have to go set all 50 folders
manually, which would be a pain, what do I need to set them to?

 

Essentially, I need User A to click on the Secure folder and see nothing in
it (or the folder list could be shown, I don't care) but I need User B to
click on the Secure folder and see (and be able to read/write to) the
folders he needs to access and change. 

 

Help!!??

 

I know I had this set up before, but when I moved to a new server, I lost
those permissions. 

 

Thanks,

 

Evan

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Woah... why am I brain cramping on this!? (Folder permissions)

RE: Woah... why am I brain cramping on this!? (Folder permissions)

RE: Woah... why am I brain cramping on this!? (Folder permissions)

Re: Woah... why am I brain cramping on this!? (Folder permissions)

RE: Woah... why am I brain cramping on this!? (Folder permissions)

RE: Woah... why am I brain cramping on this!? (Folder permissions)

Re: Woah... why am I brain cramping on this!? (Folder permissions)

RE: Woah... why am I brain cramping on this!? (Folder permissions)

RE: Woah... why am I brain cramping on this!? (Folder permissions)

RE: Woah... why am I brain cramping on this!? (Folder permissions)

Re: Woah... why am I brain cramping on this!? (Folder permissions)

Re: Woah... why am I brain cramping on this!? (Folder permissions)

Re: Woah... why am I brain cramping on this!? (Folder permissions)

Re: Woah... why am I brain cramping on this!? (Folder permissions)

RE: Woah... why am I brain cramping on this!? (Folder permissions)

15 matches

Site Navigation

Mail list logo

Footer information