Register

Forgot Password

Site FAQ

Home > IT Answers > Windows Server > Can I use a GPO to stop users from changing information in Windows folders?

Windows Security ATE

160 pts.

Can I use a GPO to stop users from changing information in Windows folders?

Active Directory, GPO, Windows Security

Our company has a share called "ClientStore" where we store all client information. Within the "ClientStore" folder we have a letter for each letter in the alphabet. Then we have another folder with the client's company name within the folder that the client's company name starts with. Then we have all the client information within that particular client folder. What we're trying to accomplish is to prevent users from making changes, such as deleting, renaming, moving and so on, to our folder structure. We would like to lock it down but we still need to allow our users to write, edit and read within each of those Client Folders so they can save documents and edit documents for a particular client. Is there anyway to accomplish this with a GPO?

Software/Hardware used:

ASKED: February 26, 2008 4:01 PM

UPDATED: February 29, 2008 11:32 PM

RELATED QUESTIONS

Answer Wiki:

I believe you could accomplish this by denying the delete permission on the folder structures for the groups you do not want to delete. Remember, that Windows 2003 will propigate permissions automatically to child folders-- unless the folder has turned off the inheretance of permissions from the parent. Also keep in mind that if you do this, which I think is what your asking for, that when users create files they will not be able to delete them unless you've given the creator owner delete access.

Last Wiki Answer Submitted: February 26, 2008 4:07 pm by Jerry Lees

5,320 pts.

All Answer Wiki Contributors: Jerry Lees

5,320 pts.

To see all answers submitted to the Answer Wiki: View Answer History.

RSS - Discussions Help

Discuss This Question:

_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

POSTED: Feb 26, 2008 11:32 PM (GMT)

or what you could do is setup the entire folder structure with List Files/Traverse folders permissions to all groups that need to get into the folders. this will allow them to see the folders and get into them but they will not be able to modify nor delete any of them. then give the the last folders special rights to the user groups to modify the subfolders and files only.

Buddyfarr

6,850 pts.

POSTED: Feb 27, 2008 3:41 AM (GMT)

Buddy, this won’t allow them to read the contents of the files either though unless you added the read permission. Additionally, the original question was needing to read, write, and modify. This is essentially the change permission MINUS the delete permission.

Jerry Lees

5,320 pts.

POSTED: Feb 29, 2008 11:32 PM (GMT)

The way to go about this is not using group policy but NTFS permissions.

Wrobinson

5,610 pts.

Ask a Question

Browse IT Answers by Topic

>>VIEW ALL TAGS

Community Blog | About Us | Contact Us | FAQ | Terms of Use | DMCA Policy

TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organization's IT projects - with its network of technology-specific Web sites, events and magazines.
All Rights Reserved, Copyright 1999-2013, TechTarget | Read our Privacy Policy
Questions and Answers Index 1 | Questions and Answers Index 2 | IT Topics Index 1 | IT Topics Index 2 | Blogs Index | Blogs Tags