NTFS permissions

Archived from groups: microsoft.public.win2000.file_system (More info?)

Hi,

I need to set up a public folder which will hold separate subfolders for
each user on the system (htere are 20 users)

Each of these subfolders needs to be accessible from the clients running win
XP
and each of them needs to be accessible to only user it belongs to (so user
will be able to read/create/delete files/folders within it, while other users
on the system should have no access to it at all)

I tried to set up permissions so that "user1" has "Full NTFS permissions"
for "user1" folder and I removed the "Users" group "Read" permissions that
was inherited from its parent folder, as a result when i try to access
"user1" folder from win XP client (logged on as "user1") I can rad the
contents of the folder but I can't write to it even though "user1" has Full
NTFS permissions". Other users can't access the "user1" folder, which is fine.

Can you please give me an advice on how to solve my problem and am I on the
right track?

Kind regards,
Slobodan
5 answers Last reply
More about ntfs permissions
  1. Archived from groups: microsoft.public.win2000.file_system (More info?)

    I am guessing you have a share set as USERS and then each users folder
    inside of it?
    Example: USERS\User1 , USERS\User2, etc.

    If so, check your share permissions of USERS - you probably have "Everyone"
    set to read only.

    --
    Mark St. John
    This posting is provided "AS IS" with no warranties, and confers no rights.

    "Steve" <Steve@discussions.microsoft.com> wrote in message
    news:DFD3125C-5919-4EDA-B5EB-6119D655B964@microsoft.com...
    > Hi,
    >
    > I need to set up a public folder which will hold separate subfolders for
    > each user on the system (htere are 20 users)
    >
    > Each of these subfolders needs to be accessible from the clients running
    > win
    > XP
    > and each of them needs to be accessible to only user it belongs to (so
    > user
    > will be able to read/create/delete files/folders within it, while other
    > users
    > on the system should have no access to it at all)
    >
    > I tried to set up permissions so that "user1" has "Full NTFS permissions"
    > for "user1" folder and I removed the "Users" group "Read" permissions that
    > was inherited from its parent folder, as a result when i try to access
    > "user1" folder from win XP client (logged on as "user1") I can rad the
    > contents of the folder but I can't write to it even though "user1" has
    > Full
    > NTFS permissions". Other users can't access the "user1" folder, which is
    > fine.
    >
    > Can you please give me an advice on how to solve my problem and am I on
    > the
    > right track?
    >
    > Kind regards,
    > Slobodan
  2. Archived from groups: microsoft.public.win2000.file_system (More info?)

    Hi Mark,

    The only group in USERS folder is "Users" they have "Read" share permission
    and
    "Read", "Read and Execute", "List Folder Contents" NTFS permissions.
    I removed the Everyone group from USERS folder so it does not apperar in the
    list of usres/groups.
    I also didn't want to give more powerfull permissions other than "Read" to
    "Users" group because it would allow them to delete each others folders and
    also allow them to create files and folders outside their directories, which
    is not the way I want it to be.

    Any suggestions?

    Kind regards,
    Slobodan


    "mark" wrote:

    > I am guessing you have a share set as USERS and then each users folder
    > inside of it?
    > Example: USERS\User1 , USERS\User2, etc.
    >
    > If so, check your share permissions of USERS - you probably have "Everyone"
    > set to read only.
    >
    > --
    > Mark St. John
    > This posting is provided "AS IS" with no warranties, and confers no rights.
    >
    > "Steve" <Steve@discussions.microsoft.com> wrote in message
    > news:DFD3125C-5919-4EDA-B5EB-6119D655B964@microsoft.com...
    > > Hi,
    > >
    > > I need to set up a public folder which will hold separate subfolders for
    > > each user on the system (htere are 20 users)
    > >
    > > Each of these subfolders needs to be accessible from the clients running
    > > win
    > > XP
    > > and each of them needs to be accessible to only user it belongs to (so
    > > user
    > > will be able to read/create/delete files/folders within it, while other
    > > users
    > > on the system should have no access to it at all)
    > >
    > > I tried to set up permissions so that "user1" has "Full NTFS permissions"
    > > for "user1" folder and I removed the "Users" group "Read" permissions that
    > > was inherited from its parent folder, as a result when i try to access
    > > "user1" folder from win XP client (logged on as "user1") I can rad the
    > > contents of the folder but I can't write to it even though "user1" has
    > > Full
    > > NTFS permissions". Other users can't access the "user1" folder, which is
    > > fine.
    > >
    > > Can you please give me an advice on how to solve my problem and am I on
    > > the
    > > right track?
    > >
    > > Kind regards,
    > > Slobodan
    >
    >
    >
  3. Archived from groups: microsoft.public.win2000.file_system (More info?)

    Hello again :)

    Think of it this way - share permissions decide who is allowed what
    permissions to the share resource. The NTFS permissions actually let them do
    something on disk. If you set "Everyone" to read/write but NTFS permissions
    only allows Administrators any access, "everyone" can connect to the share
    resource - but only admins can read, write or do anything productive.

    With share permissions and NTFS permissions, the most strict permission
    always wins. In your case, since your share permission is only read for
    "Users" - nobody connecting to that share as a member of the "Users" group
    will ever be able to do more than read.

    Now, it may be the late hour, but if you are going to use NTFS permissions
    to explicitly allow or deny access to the subfolders, you should be able to
    set "Users" share permissions to read/write on the USERS folder - and then
    on your users subfolders you would use NTFS to restrict access to an
    individual user (ie. remove "Users" group from NTFS permissions, and add in
    the individual user that will have control of that folder - you may have to
    "uninherit" permissions from parent folder.)

    Looking something like:
    USERS : "Users" Read/Write Share Permissions
    USERS\JohnDoe : Only have JohnDoe with FullControl (along with admins and
    backup operators of course :D )

    That sort of make sense?

    --
    Mark St. John
    This posting is provided "AS IS" with no warranties, and confers no rights.

    "Steve" <Steve@discussions.microsoft.com> wrote in message
    news:AC8B3C4F-1B5D-4BE8-9829-C925522B48A4@microsoft.com...
    > Hi Mark,
    >
    > The only group in USERS folder is "Users" they have "Read" share
    > permission
    > and
    > "Read", "Read and Execute", "List Folder Contents" NTFS permissions.
    > I removed the Everyone group from USERS folder so it does not apperar in
    > the
    > list of usres/groups.
    > I also didn't want to give more powerfull permissions other than "Read" to
    > "Users" group because it would allow them to delete each others folders
    > and
    > also allow them to create files and folders outside their directories,
    > which
    > is not the way I want it to be.
    >
    > Any suggestions?
    >
    > Kind regards,
    > Slobodan
    >
    >
    > "mark" wrote:
    >
    >> I am guessing you have a share set as USERS and then each users folder
    >> inside of it?
    >> Example: USERS\User1 , USERS\User2, etc.
    >>
    >> If so, check your share permissions of USERS - you probably have
    >> "Everyone"
    >> set to read only.
    >>
    >> --
    >> Mark St. John
    >> This posting is provided "AS IS" with no warranties, and confers no
    >> rights.
    >>
    >> "Steve" <Steve@discussions.microsoft.com> wrote in message
    >> news:DFD3125C-5919-4EDA-B5EB-6119D655B964@microsoft.com...
    >> > Hi,
    >> >
    >> > I need to set up a public folder which will hold separate subfolders
    >> > for
    >> > each user on the system (htere are 20 users)
    >> >
    >> > Each of these subfolders needs to be accessible from the clients
    >> > running
    >> > win
    >> > XP
    >> > and each of them needs to be accessible to only user it belongs to (so
    >> > user
    >> > will be able to read/create/delete files/folders within it, while other
    >> > users
    >> > on the system should have no access to it at all)
    >> >
    >> > I tried to set up permissions so that "user1" has "Full NTFS
    >> > permissions"
    >> > for "user1" folder and I removed the "Users" group "Read" permissions
    >> > that
    >> > was inherited from its parent folder, as a result when i try to access
    >> > "user1" folder from win XP client (logged on as "user1") I can rad the
    >> > contents of the folder but I can't write to it even though "user1" has
    >> > Full
    >> > NTFS permissions". Other users can't access the "user1" folder, which
    >> > is
    >> > fine.
    >> >
    >> > Can you please give me an advice on how to solve my problem and am I on
    >> > the
    >> > right track?
    >> >
    >> > Kind regards,
    >> > Slobodan
    >>
    >>
    >>
  4. Archived from groups: microsoft.public.win2000.file_system (More info?)

    Great Mark,

    That solves my problem

    Regards,
    Slobodan

    "mark" wrote:

    > Hello again :)
    >
    > Think of it this way - share permissions decide who is allowed what
    > permissions to the share resource. The NTFS permissions actually let them do
    > something on disk. If you set "Everyone" to read/write but NTFS permissions
    > only allows Administrators any access, "everyone" can connect to the share
    > resource - but only admins can read, write or do anything productive.
    >
    > With share permissions and NTFS permissions, the most strict permission
    > always wins. In your case, since your share permission is only read for
    > "Users" - nobody connecting to that share as a member of the "Users" group
    > will ever be able to do more than read.
    >
    > Now, it may be the late hour, but if you are going to use NTFS permissions
    > to explicitly allow or deny access to the subfolders, you should be able to
    > set "Users" share permissions to read/write on the USERS folder - and then
    > on your users subfolders you would use NTFS to restrict access to an
    > individual user (ie. remove "Users" group from NTFS permissions, and add in
    > the individual user that will have control of that folder - you may have to
    > "uninherit" permissions from parent folder.)
    >
    > Looking something like:
    > USERS : "Users" Read/Write Share Permissions
    > USERS\JohnDoe : Only have JohnDoe with FullControl (along with admins and
    > backup operators of course :D )
    >
    > That sort of make sense?
    >
    > --
    > Mark St. John
    > This posting is provided "AS IS" with no warranties, and confers no rights.
    >
    > "Steve" <Steve@discussions.microsoft.com> wrote in message
    > news:AC8B3C4F-1B5D-4BE8-9829-C925522B48A4@microsoft.com...
    > > Hi Mark,
    > >
    > > The only group in USERS folder is "Users" they have "Read" share
    > > permission
    > > and
    > > "Read", "Read and Execute", "List Folder Contents" NTFS permissions.
    > > I removed the Everyone group from USERS folder so it does not apperar in
    > > the
    > > list of usres/groups.
    > > I also didn't want to give more powerfull permissions other than "Read" to
    > > "Users" group because it would allow them to delete each others folders
    > > and
    > > also allow them to create files and folders outside their directories,
    > > which
    > > is not the way I want it to be.
    > >
    > > Any suggestions?
    > >
    > > Kind regards,
    > > Slobodan
    > >
    > >
    > > "mark" wrote:
    > >
    > >> I am guessing you have a share set as USERS and then each users folder
    > >> inside of it?
    > >> Example: USERS\User1 , USERS\User2, etc.
    > >>
    > >> If so, check your share permissions of USERS - you probably have
    > >> "Everyone"
    > >> set to read only.
    > >>
    > >> --
    > >> Mark St. John
    > >> This posting is provided "AS IS" with no warranties, and confers no
    > >> rights.
    > >>
    > >> "Steve" <Steve@discussions.microsoft.com> wrote in message
    > >> news:DFD3125C-5919-4EDA-B5EB-6119D655B964@microsoft.com...
    > >> > Hi,
    > >> >
    > >> > I need to set up a public folder which will hold separate subfolders
    > >> > for
    > >> > each user on the system (htere are 20 users)
    > >> >
    > >> > Each of these subfolders needs to be accessible from the clients
    > >> > running
    > >> > win
    > >> > XP
    > >> > and each of them needs to be accessible to only user it belongs to (so
    > >> > user
    > >> > will be able to read/create/delete files/folders within it, while other
    > >> > users
    > >> > on the system should have no access to it at all)
    > >> >
    > >> > I tried to set up permissions so that "user1" has "Full NTFS
    > >> > permissions"
    > >> > for "user1" folder and I removed the "Users" group "Read" permissions
    > >> > that
    > >> > was inherited from its parent folder, as a result when i try to access
    > >> > "user1" folder from win XP client (logged on as "user1") I can rad the
    > >> > contents of the folder but I can't write to it even though "user1" has
    > >> > Full
    > >> > NTFS permissions". Other users can't access the "user1" folder, which
    > >> > is
    > >> > fine.
    > >> >
    > >> > Can you please give me an advice on how to solve my problem and am I on
    > >> > the
    > >> > right track?
    > >> >
    > >> > Kind regards,
    > >> > Slobodan
    > >>
    > >>
    > >>
    >
    >
    >
  5. Archived from groups: microsoft.public.win2000.file_system (More info?)

    Anyone have any thoughts on this? It's been posted before but no one wants to
    touch it, so it seems.....any help GREATLY appreciated. Thanks!

    We've since migrated to Server 2003, but we need to keep an NT 4.0 BDC online
    for awhile, so we are in Mixed-Mode. Problem is, strange things are
    happening when you attempt to set NTFS Permissions on this NT 4.0 BDC
    (Service Pack 6a).

    Off of the Root of C:\ are two folders created a few moments apart as a test
    to address this same problem that was discovered today:

    Created Folder-1
    Created Folder-2

    Root Share: Everyone Full Control

    Folder SHARE: Everyone Full Control on both.

    NTFS Permissions on both:

    Folder-1 is set for Administrator, Domain Admins at the NTFS Level. No other
    Users or Groups. No one else can get in. Access denied. End of story.

    Folder-2 also is set for Administrator, Domain Admins at the NTFS Level. No
    other Users or Groups.

    Here is where it is strange: ANYONE can breech Folder-2 across the network,
    despite it's IDENTICAL permissions.

    Any idea what's going on here? Same Permssions, same disk.

    This has me thoroughly stumped. FWIW, this system is some seven years old;
    don't know if there could be corrupted clusters causing this or not....


    "Steve" wrote:

    > Great Mark,
    >
    > That solves my problem
    >
    > Regards,
    > Slobodan
    >
    > "mark" wrote:
    >
    > > Hello again :)
    > >
    > > Think of it this way - share permissions decide who is allowed what
    > > permissions to the share resource. The NTFS permissions actually let them do
    > > something on disk. If you set "Everyone" to read/write but NTFS permissions
    > > only allows Administrators any access, "everyone" can connect to the share
    > > resource - but only admins can read, write or do anything productive.
    > >
    > > With share permissions and NTFS permissions, the most strict permission
    > > always wins. In your case, since your share permission is only read for
    > > "Users" - nobody connecting to that share as a member of the "Users" group
    > > will ever be able to do more than read.
    > >
    > > Now, it may be the late hour, but if you are going to use NTFS permissions
    > > to explicitly allow or deny access to the subfolders, you should be able to
    > > set "Users" share permissions to read/write on the USERS folder - and then
    > > on your users subfolders you would use NTFS to restrict access to an
    > > individual user (ie. remove "Users" group from NTFS permissions, and add in
    > > the individual user that will have control of that folder - you may have to
    > > "uninherit" permissions from parent folder.)
    > >
    > > Looking something like:
    > > USERS : "Users" Read/Write Share Permissions
    > > USERS\JohnDoe : Only have JohnDoe with FullControl (along with admins and
    > > backup operators of course :D )
    > >
    > > That sort of make sense?
    > >
    > > --
    > > Mark St. John
    > > This posting is provided "AS IS" with no warranties, and confers no rights.
    > >
    > > "Steve" <Steve@discussions.microsoft.com> wrote in message
    > > news:AC8B3C4F-1B5D-4BE8-9829-C925522B48A4@microsoft.com...
    > > > Hi Mark,
    > > >
    > > > The only group in USERS folder is "Users" they have "Read" share
    > > > permission
    > > > and
    > > > "Read", "Read and Execute", "List Folder Contents" NTFS permissions.
    > > > I removed the Everyone group from USERS folder so it does not apperar in
    > > > the
    > > > list of usres/groups.
    > > > I also didn't want to give more powerfull permissions other than "Read" to
    > > > "Users" group because it would allow them to delete each others folders
    > > > and
    > > > also allow them to create files and folders outside their directories,
    > > > which
    > > > is not the way I want it to be.
    > > >
    > > > Any suggestions?
    > > >
    > > > Kind regards,
    > > > Slobodan
    > > >
    > > >
    > > > "mark" wrote:
    > > >
    > > >> I am guessing you have a share set as USERS and then each users folder
    > > >> inside of it?
    > > >> Example: USERS\User1 , USERS\User2, etc.
    > > >>
    > > >> If so, check your share permissions of USERS - you probably have
    > > >> "Everyone"
    > > >> set to read only.
    > > >>
    > > >> --
    > > >> Mark St. John
    > > >> This posting is provided "AS IS" with no warranties, and confers no
    > > >> rights.
    > > >>
    > > >> "Steve" <Steve@discussions.microsoft.com> wrote in message
    > > >> news:DFD3125C-5919-4EDA-B5EB-6119D655B964@microsoft.com...
    > > >> > Hi,
    > > >> >
    > > >> > I need to set up a public folder which will hold separate subfolders
    > > >> > for
    > > >> > each user on the system (htere are 20 users)
    > > >> >
    > > >> > Each of these subfolders needs to be accessible from the clients
    > > >> > running
    > > >> > win
    > > >> > XP
    > > >> > and each of them needs to be accessible to only user it belongs to (so
    > > >> > user
    > > >> > will be able to read/create/delete files/folders within it, while other
    > > >> > users
    > > >> > on the system should have no access to it at all)
    > > >> >
    > > >> > I tried to set up permissions so that "user1" has "Full NTFS
    > > >> > permissions"
    > > >> > for "user1" folder and I removed the "Users" group "Read" permissions
    > > >> > that
    > > >> > was inherited from its parent folder, as a result when i try to access
    > > >> > "user1" folder from win XP client (logged on as "user1") I can rad the
    > > >> > contents of the folder but I can't write to it even though "user1" has
    > > >> > Full
    > > >> > NTFS permissions". Other users can't access the "user1" folder, which
    > > >> > is
    > > >> > fine.
    > > >> >
    > > >> > Can you please give me an advice on how to solve my problem and am I on
    > > >> > the
    > > >> > right track?
    > > >> >
    > > >> > Kind regards,
    > > >> > Slobodan
    > > >>
    > > >>
    > > >>
    > >
    > >
    > >
Ask a new question

Read More

Permissions File System NTFS Windows XP Windows