Jump to content
Compatible Support Forums
Sign in to follow this  
Followers 0
sfurey

Windows 2000 modify / delete permissions

By sfurey, in Everything New Technology

Recommended Posts

sfurey    0

sfurey
Posted

Hi,

I've been looking for an answer for this issue for months now to no avail. Maybe someone here can help.

 

Windows 2000 server -

Shared Data directory with share permissions wide open to all users (all sub directories locked down with NTFS permissions).

Engineering subdirectory - Not allowing inheritance. Engineering DLG (domain local group) had modify permissions, but a regulatory requirement dictated that users in this group could not delete ANY files or folders. Since modify permissions natively allows the delete permission (but not the delete subfolders & files), I unchecked the delete permission within the "Advanced" properties of the Access Control Settings. After doing this and going back to the previous screen (security properties), the modify permission is unchecked and only Read, Write, Read & Execute, and List Folder Contents are checked.

 

At the surface, this would seem fine; however, now users cannot even save files to this directory (but they should be able to based on the Write persmission). While saving, a bogus error is output, and an empty file with the chosen name is saved with no data in it. Unfortuantely, this is repeatable within every PC and server in my environment. Alternatively, if I explictily "Deny" delete permissions (within the Advanced properties of the Access Control Settings) it maintains the "modify" attribute, but users can still delete files and folders.

 

All servers and PC's are up to current service packs and hotfixes, and there are no share vs. NTFS permission conflicts or NTFS vs. NTFS permission conflicts (i.e. least restrictive vs. most restrictive, etc...).

 

Any thoughts?

Share this post

Link to post

sfurey    0

sfurey
Posted

The problem with this is that there could be three hundred "files" at any one time. Additionally, it there are new files being generated in this directory every day which would mean constant monitoring and editing permissions etc...

 

I just figure that this is some kind "feature" I'm overlooking, or possibly a known issue that someone else has run into.

 

Thanks...

Share this post

Link to post

sfurey    0

sfurey
Posted

Hi,

 

I just wanted to let you know that I am leaving for the day, but I intend to take my laptop home, and re-read your thread in it's entirety. What your saying makes sense, but there is a lot of information and I have to have time to mull it over (in a more peaceful environment than work ;-)

Thanks for your help, I will write back tonight / tomorrow AM.

 

Thanks!

Share this post

Link to post

zen69x    0

zen69x
Posted

I've created a folder and set it up so that it did not inherit rights, then I removed all rights and added only my user account to the security tab.

 

Under Advanced Rights, I have the following allowed:

 

Traverse Folder / Execute File

List Folder / Read Data

Read Attributes

Read Extended Attributes

Create Files / Write Data

Create Folders / Append Data

Write Attributes

Write Extended Attributes

Read Permissions

 

I then reset permissions on all child objects and enabled propagation of inheritable permissions.

 

I can't recreate the issue you are experiencing here. Is there something I've missed perhaps?

Share this post

Link to post

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
Sign in to follow this  
Followers 0
Go To Topic Listing Everything New Technology
×