-1

Is it possible to set the NTFS permissions so that a user has permission to edit folder permissions for every subfolder and every user except himself?

For instance, I want a user to be able to administrate folder permissions for a specific netshare, without having permission to open files and without being able to assign more rights to himself. Is this feasible; if so, how?

TRiG
  • 1,181
  • 3
  • 13
  • 30
Jannis Alexakis
  • 178
  • 1
  • 6

1 Answers1

2

Give read/write permissions on the folder to an Active Directory security group, then give the user access to add or remove members from that group. If you don't want him accessing the folder by giving himself membership in the group, just add a Deny flag for his account in that folder's permissions.

Hyppy
  • 15,608
  • 1
  • 38
  • 59
  • That is as close as it gets. If you have the right to change rights, you will always find a way to give yourself rights if you put your mind to it. It would help to know the why behind the question. To me it sounds like giving a user rights to do adminstuff. My advice: Don't do it adn do the work yourself, even if it is cumbersome. – Christoph Jan 12 '15 at 15:08