 Thread : How to set up a folder so that only the creator of a file ..
 
Archived from groups: microsoft.public.win2000.general, microsoft.public.win2000.security

 

All -

I've mucked about with advanced permissions and I still can't quite get
what I want to work.

I would think this would be easy. Say I have three groups - accounting,
engineering and sales. I create three folders called acct, eng and sales.
I want it set up so that anyone in the group can write to their folder,
but only the person who created a file can modify it later. I want
everyone in the group to be able to read any file, but only the creator
to be able to change it.

How do I do that?

Thanks,
Thomas


Give the groups read/list/execute/write permissions and creator owner full
control which is what creator owner usually has. Creator owner should show
as full control for the parent folder of the three folders for acct, eng and
sales for "subfolders and files only" when you view advanced permissions.
Also verify that the file has the owner that you expect after it is
created. --- Steve


"Thomas Cameron" <thomas.cameron@camerontech.com> wrote in message
news:pan.2005.07.05.21.57.45.932691@camerontech.com...
> All -
>
> I've mucked about with advanced permissions and I still can't quite get
> what I want to work.
>
> I would think this would be easy. Say I have three groups - accounting,
> engineering and sales. I create three folders called acct, eng and sales.
> I want it set up so that anyone in the group can write to their folder,
> but only the person who created a file can modify it later. I want
> everyone in the group to be able to read any file, but only the creator
> to be able to change it.
>
> How do I do that?
>
> Thanks,
> Thomas


 

Actually, that will not satisfy the poster's requirements since
the read/list/execute/write will result in the file defined within
having write granted on it to the group rather than only to the
creating user.

This is a little tricky to accomplish with the NTFS security dialog
as normally things that you grant to Files (Files only, or This folder,
subfolders, and Files, This folder and files, Subfolders and Files only)
will result in the permissions that are applicable to file objects being
set on those file objects at any of the specified levels.

To accomplish what the OP is after here one needs to make use of
the Folder ACE called in the interface Create file.

To do this one may
  Grant List to the group, access the Advanced view and highlight
  the List grant and Edit it, and finally within the detail edit view
  check "Create Files / Write Data". Notice that this is really only
  a grant of Create Files since the ACE applies to This folder and
  subfolders (i.e. not to file objects).
  Then, back on the initial, generic permissions dialog check Read.
  If one now goes to Advanced one should see two ACEs for the
  group. The new one, Read for This folder, subfolders and files,
  and the earlier which shows as Special in the adv dialog and is
  applicable to This folder and subfolders, and is a List with the
  one added ACE bit.

Another way to do this is
  Grant the group Write, and then use the Advanced view to Edit
  this so that it applies to This folder and subfolders and so that
  all check boxes are cleared except for "Create Files/Write Data".
  Then, back at the generic view highlight the group and grant
  List folder contents and also grant Read.

In both cases one would also grant to Creator Owner, ideally only
Modify but granting other than Full to Creator Owner is really just
a misnomer.

In both cases I have assumed that Execute should not be given to
the group - that these are information / data files and that we do
not want members of the group executing from the storage area.
If they should have execute, then where Read was granted one
would grant Read/Execute.

--
Roger Abell
Microsoft MVP (Windows Security)
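
The ACE layout from the second method above, scripted with PowerShell and the .NET ACL classes. This is an added example, not part of the original thread, which used the Windows 2000 security dialog. The folder path and group name are hypothetical.

```powershell
# Added example: the group may create and read files, only the creator may modify them.
# Assumptions (hypothetical): D:\Shares\acct already exists and CORP\Accounting is the group.
$Path  = 'D:\Shares\acct'
$Group = 'CORP\Accounting'

$Rule    = 'System.Security.AccessControl.FileSystemAccessRule'
$Rights  = [System.Security.AccessControl.FileSystemRights]
$Allow   = [System.Security.AccessControl.AccessControlType]::Allow
$CI      = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit'
$CIOI    = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$NoProp  = [System.Security.AccessControl.PropagationFlags]::None
$InhOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly

# CREATOR OWNER is the well-known SID S-1-3-0.
$CreatorOwner = New-Object System.Security.Principal.SecurityIdentifier('S-1-3-0')

$acl = Get-Acl -Path $Path

# 1. "Create Files / Write Data", This folder and subfolders.
#    Container-inherit only, so this ACE never lands on a file object.
$acl.AddAccessRule((New-Object $Rule($Group, $Rights::CreateFiles, $CI, $NoProp, $Allow)))

# 2. Read (covers List folder contents), This folder, subfolders and files.
$acl.AddAccessRule((New-Object $Rule($Group, $Rights::Read, $CIOI, $NoProp, $Allow)))

# 3. CREATOR OWNER Modify, Subfolders and files only (inherit-only).
$acl.AddAccessRule((New-Object $Rule($CreatorOwner, $Rights::Modify, $CIOI, $InhOnly, $Allow)))

Set-Acl -Path $Path -AclObject $acl

# Check the result on a freshly created file: confirm the owner is the
# account you expect, and that the group's inherited ACE on the file is Read.
$probe = Join-Path $Path 'acl-probe.txt'
Set-Content -Path $probe -Value 'probe'
$fileAcl = Get-Acl -Path $probe
"Owner: $($fileAcl.Owner)"
$fileAcl.Access |
    Format-Table IdentityReference, FileSystemRights, IsInherited -AutoSize
Remove-Item -Path $probe
```

ACEs inherited from the parent folder still apply on top of these three, so review `(Get-Acl $Path).Access` for any broader grant that would give the group write access to files.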


 

Thanks for catching and correcting that. I missed the part on write only to
their folder and read for any folder. You certainly pointed him to the
solution. --- Steve

