What would be the correct combination of NTFS special access permissions to allow an AD group (Authenticated Users) to copy files to a share, but after copying no one in the AD group should be allowed to edit, overwrite, rename, or delete the file? The AD group should also be able to copy files from the share to their machines.
Asked
Active
Viewed 505 times
2
-
1smells like homework – Zypher Apr 28 '10 at 02:35
-
1@Zypher - not homework - just didn't quite understand the special permission definition from Microsoft: Create Files/Write Data The Create Files permission applies only to folders and allows or denies the user from creating files in the folder. The Write Data permission applies only to files and allows or denies the user from making changes to the file and overwriting existing content by NTFS. Setting this permission gave me the desired result, but the wording seemed to be saying that that file would still be allowed to be overwritten and changed. Just wanted input from others. – thedugas Apr 28 '10 at 02:52
-
1No worries, without that background information and the way you worded the question that question reads exactly like every review question i've ever read when working through MS Certification prep material. (also just to be clear we have no issue with homework questions as long as it is presented right http://meta.stackexchange.com/questions/10811/how-to-ask-and-answer-homework-questions) – Zypher Apr 28 '10 at 03:54
1 Answers
2
I'm assuming your are getting your definitions from here. It is a little confusing, what you want to watch out for when setting that particular permissions is the "Applies to" drop down. If you apply it only to folders(/subfolders/...) then you are good, if you apply it to file objects as well then the user will be able to overwrite what is there already.
Zypher
- 37,405
- 5
- 53
- 95