• Creator
  • #2200687

    Windows Server 2003 Permissions\Group


    by ottawarcolombi ·

    I have a folder structure that allows the owner\creator of a file full permission to their work and everyone else just rights to view. This person works in a group and wants the group to have full permission to each other?s work and only their work.

    A creates a file, B & C have full rights to A, B & Cs work. Everyone else in the office only has view rights and A, B & C only have full permission for any work created by either A, B or C.

    Is this possible?


All Answers

  • Author
    • #3001041


      by ottawarcolombi ·

      In reply to Windows Server 2003 Permissions\Group


    • #3001000

      It seems simple…

      by brenton keegan ·

      In reply to Windows Server 2003 Permissions\Group

      Maybe I’m missing something, but why can’t you just set the permissions you need?

      Are A B and C people or groups? From your language they seem to be people. If so, put them in a group and give that group permissions on the folder where these files are stored/created.

      Create a second group that contains all employees and give this group read access to this folder.

      Maybe I’m misunderstanding something but it seems that what you are asking is pretty straightforward.

      • #2999927

        in AD environment the most restrictive applies

        by cg it ·

        In reply to It seems simple…

        so if members of one group have read/write and if members of that group are members of another group that have only read, read will apply [most restrictive].

      • #2999587

        Yes, in a active directory

        by ottawarcolombi ·

        In reply to It seems simple…

        I am talking about a folder with sub folders and files. Everyone publishes to the folders (according to the files numbers). People that create the files have full access to their files alone but can read anyone else’s files. The permissions are set at the file level and not for the folder.
        When the user A creates a document, it is filed accordingly. That person then has full rights. That person works with two other people (B&C). They are not owners of that file and as such only have read rights. What I want is to have those three people to have full rights for their group So A & B and C will have full rights for documents created by A, B or C but only read for everyone else.

    • #2999814

      if you feel like scripting…

      by brenton keegan ·

      In reply to Windows Server 2003 Permissions\Group

      Then I can think of a couple options for you. You could write a script that queries the AD database for users within a specific OU and changes the security descriptors on a folder based on a group membership (or lack of group membership). It will look ugly when you look at the permissions, but it would still be managed via group.

      Alternately you could have 2 separate groups with permissions set on that folder. Have a scheduled script to run and put users in the group that only had read permissions that aren’t in the group with write permissions.

Viewing 2 reply threads