1

we have a Windows 7 server and I've been asked to set it up so no one can move files in the root directory except for 3 users and still allow everyone to access/create files in subdirectory.

Example:

We have a drive, X:/

We don't want people to move any folders inside X:/

But in X:/SomeFolder we want people to have full permissions to create, move, and modify files.

I got the move restriction setup by disallowing delete for subfolders in the current directory, but it restricted access on sub-sub folders as well.

Anyone have a clue on how to do this?

user2863558
  • 15
  • 5

1 Answers1

0

When changing the permissions to block users from moving folders, set them to apply to This Folder Only:

Permission Dialog in Windows Showing Apply Only options
(source: winhelp.us)

Assuming you have two groups, Users and Administrators, and no other permissions currently configured on X::

  1. Grant Administrators Full Control, applied to This Folder Only
  2. Grant Users the following permissions, applied to This Folder Only:
    • Traverse Folder
    • List Folder Contents
    • Read Attributes
    • Read Extended Attributes
    • Read Permissions
    • Create Files
    • Create Folders
Glorfindel
  • 21,988
  • 13
  • 81
  • 109
Darth Android
  • 3,437
  • 18
  • 19
  • Wouldn't I need to do this every time we create a new folder in the root directory though? Like each time I want to create a folder that cannot be moved except by certain people, I'd have to set up the permissions again? I only ask because the people who generally are going to have permissions to create folders are not computer savvy at all and I'm only in the office a few days a week. – user2863558 Feb 26 '16 at 19:20
  • You should be able to set this once, on `X:\ `, to block users in general from moving folders. You can then specifically grant yourself and a few special people full control to `X:\ `, and it should work regardless of what subfolders they create. – Darth Android Feb 26 '16 at 19:22
  • I'm confused and cannot get this working. What permissions should I give to the users for "This Folder Only" to disallow moving folders and changing folder names in the root of X:\, but still allow changing files, creating folders, etc. inside the folders inside X:\ – user2863558 Feb 26 '16 at 19:33
  • Nevermind, I seem to have gotten it working by starting from scratch. I added the following permissions to the folder: For this Folder Only, I disallowed delete subfolders and files as well as delete. For Subfolders and files only, I disallowed delte but allowed delete subfolders and files. – user2863558 Feb 26 '16 at 19:36
  • Turns out this isn't what they wanted anyways so back to the drawing board. They don't want ANYONE to be able to move folders in the X:/ Drive but they still want administrators to create and rename folders. Unfortunately I had to explain to them that the ability to move folders (the delete permission) is tied directly to the ability to rename folders in every example I've seen. – user2863558 Feb 26 '16 at 19:53
  • @user2863558 I would clarify what exactly they mean by "move" and "rename", because those are the same thing in the computer world. If my answer answered your question, it's customary to mark it as "accepted". You can return and ask another question when you figure out exactly what they want if it's giving you trouble. – Darth Android Feb 26 '16 at 19:54
  • Yeah that's what I explained to them. I explained the reason the delete permissions are the same as move and rename permissions. One of my coworkers claims they had a system that did this at their last job but I'm not quite sure how they would go about doing this. – user2863558 Feb 26 '16 at 19:59