Results 1 to 2 of 2
  1. #1
    New Lounger
    Join Date
    Jul 2015
    Thanked 0 Times in 0 Posts

    Exclamation Windows Server 2012 shared-folder permissions issues

    Dear All,

    We are using Windows Server 2012R2 for sharing folders on the network.

    Our requirement is :
    1. Around 8 Shared folders
    2. Depends on folder we need to give Modify permission for small group, Read+Write for another group and R+W permissions including Modify permission on some subfolder for small group.
    3. Before I used to do settings from Folder->properties->share - allowing people to Read/Write and then go to security tab, there I edit permissions accordingly.

    But don't know where I am doing wrong, may be confused with Share permissions and NTFS permissions. And having issues now that user is able change permissions on some files/folder by going to Properties !

    Was thinking to remove sharing and do it again from scratch to avoid confusion and conflict.

    Please guide me to fulfill #2 (above point ) requirements.

    Looking forward for your suggestions !

  2. #2
    WS Lounge VIP
    Join Date
    Dec 2009
    Thanked 1,169 Times in 1,087 Posts
    Rule 1: Always grant full permission to the share otherwise you will never understand the permissions.
    Rule 2: Never set individual user permissions, use groups and add users to the group.
    Rule 3: Never grant users (groups) full NTFS permission or they will change the security settings and screw them up.
    Caveat for rule 3: If the user creates a folder they automatically have full permission (they are the owner) so you may need to check permissions occasionally.
    Rule 4: Avoid not granting permission to a folder and then requiring permission on a sub-folder. It gets ugly.

    Write and modify are effectively part of the same permission. Attempting to split them is not a good idea.
    Not allowing modify or delete prevents a lot of file save action because programs use File Transactions to save. (Write a temp file, delete the original, rename the temp.)

    I suggest you advise the proposer of the idea that there are 2 permissions only (read and write) and they have to work out how to do what they want with those 2.

    Alternatively, draw up the structure and post it here so we can see if anything is possible. We also need to know what programs you are using to access / create / modify the files.

    cheers, Paul

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts