Hi,

I have a directory which is shared on a Windows 2k3 standard box. I
don't wish people to be able to write to it, but I need people in a
Windows 2000 AD group to be able to write in a specific directory
below the share.

I shared the root folder on the drive using everyone giving them read
and write permissions. I then set the permissions on the specific
folder in the share so that the specific group had modify permissions.
However, it does not work.

The only way I could seem to get it to work was to give the everyone
group in the share full control then give the everyone user on the
root folder full control - then it appeared to work normally, however,
wish to tie it down.

I looked at the permissions on my solitary W2k3 box at home and they
seem very similar to how I had things set up, but this works and the
one at work doesn't.

Any suggestions?
Thanks.
Andrew.
--
Andrew Hodgson in Bromyard, Herefordshire, UK.
My Email: use <andrew at hodgsonfamily dot org>.

Andrew,
It seems to me that you are confusing "Share" level permissions with NTFS
folder permissions. Two different things. "Share" level permissions will
always superceed NTFS folder permissions with the least permissive access.
So if you "Share" a folder and on the "Share" level group "Everyone"
has only Read permissions it will superceed any "Modify or Write" NTFS
permissions you assign at the folder level. That said all that is necessary
and you must do in order to assign permissions higher that Read you must
give the group "Everyone" Full Control at the "SHARE" level. Now you assign
your AD group "List" permissions all the way down to the level you need for
them to modify at the folder level. This will allow them to transcend down
the heiarchy and not give them any access to other folders along the way.



"Andrew Hodgson" <me3@privacy.net> wrote in message
news:47fe12l8hl59jlejqata61jsiftao0ehp8@4ax.com...

Not enough information. If the group does not have write or better NTFS
(Security) permissions on the shared folder, then it will not have write or
better access to a subfolder accessed through the share. This is so
regardless of what NTFS permissions are assigned to the subfolder.

Doug Sherman
MCSE, MCSA, MCP+I, MVP

"Andrew Hodgson" <me3@privacy.net> wrote in message
news:47fe12l8hl59jlejqata61jsiftao0ehp8@4ax.com...

AllenM wrote:
Ok, I understand this, but one of the things I did yesterday was assign
the group to the share level permissions to give full control, and it
still didn't work.

However will try your suggestion in a few minutes and report back.

Andrew.

I guess it would have been clearer if I said: If the user or some group of
which the user is a member does not have write or better NTFS (Security)
permissions on the shared folder, then the user cannot have write access to
a subfolder accessed through the share. This will not change even if you
give the user Full Control NTFS permissions on the subfolder and/or Full
Control Share permissions on the shared folder.

Doug Sherman
MCSE, MCSA, MCP+I, MVP

"Doug Sherman [MVP]" <dsherman@notampabayspamforme.rr.com> wrote in message
news:u0P9fu7RGHA.5908@TK2MSFTNGP14.phx.gbl...

Oh I beg to differ if I am understanding your explaination correctly Doug.
What you are saying is "If the user or some group of which the user is a
member does not have write or better NTFS (Security) permissions on the
shared folder, then the user cannot have write access to a subfolder
accessed through the share."?

Parent Folder (SHARED as "Parent" with Group Everyone FULL CONTROL access at
the Parent share) NTFS Folder/File permissions are (Administrator-FULL
CONTROL/ System-FULL CONTROL / Eveyone-READ)
Sub Folder A - NTFS Folder/File permissions are (Administrator-FULL
CONTROL/ System-FULL CONTROL/ User GroupA-MODIFY / User GroupB/READ)
Sub Folder B - NTFS Folder/File permissions are (Administrator-FULL
CONTROL/ System-FULL CONTROL/ User GroupA-READ / User GroupB/MODIFY)

So given your explaination the above scenario would not be possible? As you
can see I assign "READ" only NTFS Foler/File permissions to the group
Everyone at the Parent share folder. So your telling us that I cannot assign
Modify access to User Group A or B to Sub Folder A or B as I did above?

"Doug Sherman [MVP]" <dsherman@notampabayspamforme.rr.com> wrote in message
news:uiNJPSFSGHA.5156@TK2MSFTNGP10.phx.gbl...

You can always "assign" any NTFS permissions you want. However, in your
scenario users who access subfolders through the Share (Parent) will never
have better than Read access unless they are also members of the
Administrators group.

Doug Sherman
MCSE, MCSA, MCP+I, MVP

"AllenM" <allen.miyake@gmail.com> wrote in message
news:eF5fSkFSGHA.424@TK2MSFTNGP12.phx.gbl...

Oops - OK, now I see what you are doing. Yes this will work.

Doug Sherman
MCSE, MCSA, MCP+I, MVP

"Doug Sherman [MVP]" <dsherman@notampabayspamforme.rr.com> wrote in message
news:#RM6NuHSGHA.4900@TK2MSFTNGP09.phx.gbl...