OS Win server2003 R2



We have a file server with Folders\Subfolder1\subfolder2
I need to lock down these folder structures as :
1 - Only Administrators can create , move or delete "Folders" ,
"Subfolder1" and "Subfolder2"
2 - Non admin members may not delete or move "Folders" , "Subfolder1" and
"Subfolder2" , bur they do have read permisions.
3 - Users can only create folders and files in "Subfolder2"
4 - Uses may edit files but not delete files in "Subfolder2"

Is this possible ? If so how?
In NT4 this was a option box in the security settings at folder level -
--
!ngeniuos
(99% Perspiration)

On Fri, 30 Apr 2010 07:27:01 -0700, !ngeniuos
<ngeniuos@newsgroup> wrote:

>OS Win server2003 R2
>
>We have a file server with Folders\Subfolder1\subfolder2
>I need to lock down these folder structures as :
>1 - Only Administrators can create , move or delete "Folders" ,
>"Subfolder1" and "Subfolder2"
>2 - Non admin members may not delete or move "Folders" , "Subfolder1" and
>"Subfolder2" , bur they do have read permisions.
>3 - Users can only create folders and files in "Subfolder2"

The script below may get you started. It works when run on W2008 but does depend
upon icacls (which is also in W2003) and run via a UNC path. It also references
a security group "AllStaff" so you will need to modify it.

>4 - Uses may edit files but not delete files in "Subfolder2"

This cannot be done as programs such as Word deletes files as part of the edit
process. If you deny delete permission then Word/Excel etc will fail.

>
>Is this possible ? If so how?
>In NT4 this was a option box in the security settings at folder level -

-----Start script---------
@ECHO OFF
ECHO.
ECHO.

IF /I "%CD%" == "%windir%" GOTO NOMAP

SET MyDir=%1
IF /I "%MyDir%" == "/?" GOTO Help
IF /I "%MyDir%" == "" SET /P MyDir=Directory to set permissions for =
IF /I "%MyDir%" == "" GOTO Help

If EXIST "%MyDir%" GOTO RESETS
ECHO Creating Folder "%MyDir%"
MD "%MyDir%"
GOTO SETPERM

:RESETS
ECHO Folder "%MyDir%" already exists/

:SETPERM
ECHO.
ECHO Setting permissions and sub-folders in folder "%MyDir%"
ECHO.

REM Department level permission can be inherited as these will be correct

REM Create the sub folder structure (or just reset the permissions)
SETLOCAL
CD "%MyDir%"

SET SubFold="SharedWork"
If EXIST %SubFold% GOTO SETP1
MD %SubFold%
:SETP1
Rem These permissions allow all users including Students to have modify access
\\ad\storage\util\icacls %SubFold% /grant:r BUILTIN\UsersOI)(CI)(IO)(M)
BUILTIN\UsersOI)(CI)(W)

SET SubFold="StaffOnly"
If EXIST %SubFold% GOTO SETP2
MD %SubFold%
:SETP2

Rem These permissions allow all Staff to have modify access and Student no
access
cscript //NoLogo \\ad\storage\util\xcacls.vbs staffonly /I COPY /Q
\\ad\storage\util\icacls %SubFold% /grant:r AD\AllStaffOI)(CI)(IO)(M)
AD\AllStaffOI)(CI)(RX,W) /remove BUILTIN\Users

SET SubFold="StudentResources"
If EXIST %SubFold% GOTO SETP3
MD %SubFold%
:SETP3
Rem These permissions allow all Staff to have modify access and Students to have
read only access
\\ad\storage\util\icacls %SubFold% /grant:r AD\AllStaffOI)(CI)(IO)(M)
AD\AllStaffOI)(CI)(W)

ECHO.
ECHO.
ECHO Folder setup completed. You must now setup quotas and usage reporting in
FSRM
pause
GOTO :EOF


:HELP
ECHO.
ECHO Argument 1 can be the name of the folder you wish to set up.
ECHO If omited it is prompted for.
ECHO e.g. SetFolderPerms "My Folder"
ECHO.
ECHO.
pause
GOTO :EOF

:NOMAP
ECHO.
ECHO Error You must run this command from a mapped drive not a UNC path
pause
------------End script----------
--
Dave Mills
There are 10 types of people, those that understand binary and those that don't.