File Permissions

Discussion in 'Windows Small Business Server' started by Nick, Aug 20, 2010.

  1. Nick

    Nick Guest

    I'm trying to setup file permissions on a single file shared on the server,
    whereby the Admisitrator has full control, but certain users have 'Read' only
    permsision.
    I want users to be able to access the file and read the contents, but no be
    able to modify or change the contents.
    Simple enough, but within the file's Security tab I have the Administrator,
    and Users group added (nothing else), and permissions are set to Full control
    for Administrator, and Read & Execute, and Read for the Users.
    However, the users are unable to open the file (Access Denied), unless I
    enable either Full Control or Write to their group permissions.
    Why woudl the Write permission enable access, and allowing them to change
    data obviously, but when unchecking the Write permission all access is
    denied, even though Read and Read & Execute is checked.
    There are no Deny boxes checked within the directory structure.
    There seems to be too many variables.
    Even if I just add each user to the Security list and enable Read only
    permissions, they can't access the file, unless Write permission is also
    checked.
    Confused!!

    Any help would be appreciated , Thanks
     
    Nick, Aug 20, 2010
    #1
    1. Advertisements

  2. Nick

    Nick Guest

    Thanks Brian for your help.
    The file is actually a from a Calendar software (.ecf) program

    I'm not sure about the 'write access'

    I shall investigate

    Thanks again
     
    Nick, Aug 20, 2010
    #2
    1. Advertisements

  3. Nick

    Jim Guest

    Adding to Brian's comments, try giving users write-access to the
    folder but read access to the file - just in case it is the Access
    scenario and the calendar program is trying to create a .tmp file etc.


    Jim
     
    Jim, Aug 20, 2010
    #3
  4. Nick

    Nick Guest

    No, I'm not using the Outlook Calendar, I'm using a program called "Efficient
    Calendar" , which happens to look a lot like Outlook's calendar.

    With regards Jim's comment, the folder's permissions are set to Write. (In
    fact they are set to Full Control for all Entries)

    Thanks
     
    Nick, Aug 20, 2010
    #4
  5. Nick

    Leythos Guest

    On the SHARE - set all users to FULL CONTROL
    On the FOLDER, Administrators, Sec Permissions, FULL CONTROL
    Don't change SYSTEM account permissions on Security

    Create a security group, lets call it SG_FOLDERNAME_RO (RO is read only,
    to make it easy to identify).

    On the FOLDER, remove EVERYONE, remove AUTHENTICATED USERS, ADD
    SG_FOLDERNAME_RO

    In the Security Group, add the user accounts needed (not "DOMAIN USERS"
    and not "AUTHENTICATED USERS" to the group.

    On the FOLDER, SECURITY, SG_FOLDERNAME_RO selected, remove all
    permissions, don't set ANY deny, now add the permissions "read &
    execute", "List folder contents" "READ" - actually, when you select
    "read & execute" it will apply the other two.

    Now, this will make the FOLDER FULL ACCESS for Administrators

    The change will only apply after they've logged out and back into the
    system 1 time, if they are already logged in and have already accessed
    the share.
     
    Leythos, Aug 21, 2010
    #5
  6. Nick

    Nick Guest

    Thanks very much for your detailed help!
    I follwed your instructions, and created a SG with only the users I want
    listed.
    Unfortunately this still isn't working for me.
    Just so I haven't got the wrong ene of the stick:

    Before I followed your instructions, I had a shared folder called "Calendar"
    The "Calendar" share Permissions has the EVERYONE group only in there, and
    set to Full Control
    The "Calendar" Security Permissions, has Administrators, Creater Owner,
    System, and Users (domain\users)
    Adminstrators is set to FC
    Users is set to Read & Ex, List Folder Contents
    System is set to FC
    Creator Owner has only Special Permissions selected

    The saved calendar data file within "Calendar" folder. In the Security
    Permissions, there is Administrators (set to FC)
    System (set to FC)
    Users (domain\users) (set to Read & Execute, and Read)

    With these settings, the Administrator can have full access, but users have
    "Access Denied" presented to them when opening the data file.
    Only way they can see the data file, is to enable WRITE in the file's
    security Users permissions.

    I have tried various methods, like not inheriting permissions, and adding
    the unique users to the security permissions with explicit permissions, but
    all to no avail.
     
    Nick, Aug 21, 2010
    #6
  7. Nick

    Leythos Guest

    Remove Creator/owner.

    Click on the folder, security, advanced, apply permissions down the
    folder to the file.

    You may not have applied the permissions to the FILE itself, or the
    OWNER of the file may be incorrect.

    Open the share from one of the workstations, as the user in question,
    browse to the file, right click, properties, select security, look at
    the permissions as the user.

    If you're getting DENIED when you open the folder then you've got
    something else overriding the permissions. If the folder opens, do the
    same on the file, if denied on the file then you've got to find the
    incorrectly set permission.

    You should also remove "Inherents from parent" setting.

    Always apply permissions using GROUPS, never individual users, for
    shares - it's a LOT easier to manage.

    So, make sure that the permissions replicated to the FILE, go to a
    workstation, test and let us know.
     
    Leythos, Aug 21, 2010
    #7
  8. Nick

    Nick Guest

    Thanks again for your help.

    I will have to think of another approach to this.

    Still no joy with access to the file.

    My Shared Folder, and also the file have only Administrator, and SG Group in
    the Security permissions. Administrator set to FC on both, and SG set to,
    Read & Execute, List Folder Contents, and Read, again on both folder and file.
    No Inheritance on either.

    At the Workstation, when checking the file's permissions, they are the same
    as the Server's permissions.

    Not sure if this in fact a program\software issue, as I notice if I make a
    change to the file, and then delete\undo the change, it doesn't prompt me to
    save the file when exiting the program..

    Back to the drawing board.....

    Thanks
     
    Nick, Aug 22, 2010
    #8
  9. Nick

    Leythos Guest

    If the program allows updates to the file then it's opening it in R/W
    mode.

    Why not setup a special permissions security that denies DELETE, Change
    Ownership, and give them RW permission?
     
    Leythos, Aug 22, 2010
    #9
  10. Nick

    Nick Guest

    I will try the changes you suggest, and let you know the outcome

    Thanks
     
    Nick, Aug 24, 2010
    #10
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.