NTFS permissions

Hi,
I am trying to set some permissions on a folder, its subfolders and
files and I am not getting the results I expect.

My manager had me create a folder and a bunch of subfolders.
We created a AD group and put the needed users in it and added them to
the folder permissions.

This is a Windows 2003 cluster with SP2.

He wants this group to be able to:
Add files
Delete files
Modify files
View all folders and contents

He does NOT want this group to be able to:
Rename any folders/subfolders
Add any folders/subfolders
Delete any folders/subfolders

I am going into the Special Permissions area for this group and not
getting the results I need. I can get it so that the group members
cannot create folders or rename them, and they can read files, but then
they cannot modify or save files. And the weird thing is after I try to
save a modification it denies it and creates a 0kb .tmp file. When I
try to create a new file it denies it and then creates a file called
"New Document.txt".

On Effective Permissions for this group says they have:
Traverse folder / Execute file
List Folder / Read Data
Read Attributes
Read Extended Attributes
Delete Files / Write Data
Write Attributes
Write Extended Attributes
Read Permissions
Everything else is unchecked

What am I missing? Thanks in advance!

In news:ewktJQOmJHA.5124@TK2MSFTNGP03.phx.gbl,
JJP <anonymous@microsoft.com>, posted the following:
> Hi,
> I am trying to set some permissions on a folder, its subfolders and
> files and I am not getting the results I expect.
>
> My manager had me create a folder and a bunch of subfolders.
> We created a AD group and put the needed users in it and added them to
> the folder permissions.
>
> This is a Windows 2003 cluster with SP2.
>
> He wants this group to be able to:
> Add files
> Delete files
> Modify files
> View all folders and contents
>
> He does NOT want this group to be able to:
> Rename any folders/subfolders
> Add any folders/subfolders
> Delete any folders/subfolders
>
> I am going into the Special Permissions area for this group and not
> getting the results I need. I can get it so that the group members
> cannot create folders or rename them, and they can read files, but
> then they cannot modify or save files. And the weird thing is after
> I try to save a modification it denies it and creates a 0kb .tmp
> file. When I try to create a new file it denies it and then creates
> a file called "New Document.txt".
>
> On Effective Permissions for this group says they have:
> Traverse folder / Execute file
> List Folder / Read Data
> Read Attributes
> Read Extended Attributes
> Delete Files / Write Data
> Write Attributes
> Write Extended Attributes
> Read Permissions
> Everything else is unchecked
>
> What am I missing? Thanks in advance!

The Modify permission allows them to rename folders, add and delete folders.

The best thing is to first remove the group from the ACL. Then go into
advanced and in the Special permissions, add the group. As soon as you add
the group, the Permissions Entry window pops up. Then finite the permissions
so they have:
Apply to: "This folder and subfolders"
Traverse
List Folder/Read data
Read Attributes
Read extended attributes
Create Files/write data
Write attributes
Read permissions

Then after clicking on OK, go back into the ACL and add:
Creator Owner: Modify

Try that and test it out.

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCT
Microsoft Certified Trainer
aceman@mvps.RemoveThisPart.org

For urgent issues, you may want to contact Microsoft PSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

In news:ewktJQOmJHA.5124@TK2MSFTNGP03.phx.gbl,
JJP <anonymous@microsoft.com>, posted the following:
> Hi,
> I am trying to set some permissions on a folder, its subfolders and
> files and I am not getting the results I expect.
>
> My manager had me create a folder and a bunch of subfolders.
> We created a AD group and put the needed users in it and added them to
> the folder permissions.
>
> This is a Windows 2003 cluster with SP2.
>
> He wants this group to be able to:
> Add files
> Delete files
> Modify files
> View all folders and contents
>
> He does NOT want this group to be able to:
> Rename any folders/subfolders
> Add any folders/subfolders
> Delete any folders/subfolders
>
> I am going into the Special Permissions area for this group and not
> getting the results I need. I can get it so that the group members
> cannot create folders or rename them, and they can read files, but
> then they cannot modify or save files. And the weird thing is after
> I try to save a modification it denies it and creates a 0kb .tmp
> file. When I try to create a new file it denies it and then creates
> a file called "New Document.txt".
>
> On Effective Permissions for this group says they have:
> Traverse folder / Execute file
> List Folder / Read Data
> Read Attributes
> Read Extended Attributes
> Delete Files / Write Data
> Write Attributes
> Write Extended Attributes
> Read Permissions
> Everything else is unchecked
>
> What am I missing? Thanks in advance!

Oh, one more thing, under the Share permissions, change it to:
Domain Admins: FC
Authenticated Users: Change

Ace

Ace Fekay [Microsoft Certified Trainer] wrote:
> In news:ewktJQOmJHA.5124@TK2MSFTNGP03.phx.gbl,
> JJP <anonymous@microsoft.com>, posted the following:
>> Hi,
>> I am trying to set some permissions on a folder, its subfolders and
>> files and I am not getting the results I expect.
>>
>> My manager had me create a folder and a bunch of subfolders.
>> We created a AD group and put the needed users in it and added them to
>> the folder permissions.
>>
>> This is a Windows 2003 cluster with SP2.
>>
>> He wants this group to be able to:
>> Add files
>> Delete files
>> Modify files
>> View all folders and contents
>>
>> He does NOT want this group to be able to:
>> Rename any folders/subfolders
>> Add any folders/subfolders
>> Delete any folders/subfolders
>>
>> I am going into the Special Permissions area for this group and not
>> getting the results I need. I can get it so that the group members
>> cannot create folders or rename them, and they can read files, but
>> then they cannot modify or save files. And the weird thing is after
>> I try to save a modification it denies it and creates a 0kb .tmp
>> file. When I try to create a new file it denies it and then creates
>> a file called "New Document.txt".
>>
>> On Effective Permissions for this group says they have:
>> Traverse folder / Execute file
>> List Folder / Read Data
>> Read Attributes
>> Read Extended Attributes
>> Delete Files / Write Data
>> Write Attributes
>> Write Extended Attributes
>> Read Permissions
>> Everything else is unchecked
>>
>> What am I missing? Thanks in advance!
>
> The Modify permission allows them to rename folders, add and delete
> folders.
>
> The best thing is to first remove the group from the ACL. Then go into
> advanced and in the Special permissions, add the group. As soon as you
> add the group, the Permissions Entry window pops up. Then finite the
> permissions so they have:
> Apply to: "This folder and subfolders"
> Traverse
> List Folder/Read data
> Read Attributes
> Read extended attributes
> Create Files/write data
> Write attributes
> Read permissions
>
> Then after clicking on OK, go back into the ACL and add:
> Creator Owner: Modify
>
> Try that and test it out.
>

Thanks Ace, I never tried that approach before but will give it a try!

In news:49ABFE41.9050209@microsoft.com,
JJP <anonymous@microsoft.com>, posted the following:
>
> Thanks Ace, I never tried that approach before but will give it a try!

My pleasure. Let me know how you make out.

Ace