I have a directory structure setup which contains 1000+ files and a few hundred folders. It currently is setup for modify on files and folders. I want people to be able to make new documents and delete/write any documents they like(no change to current permissions). I also want to stop them from moving any folders around by mistake by accidently dragging them. I have been looking at the technet article, "Setting Access control on files, Shares and other system objects in windows 2000". I have be playing with windows2000 Svr SP4, in a test lab, and have setup several directories to try and replicate this issue I have changed the NTFS advanced security, special permissions settings for directories to the following: Apply onto: Folder and subfolders NTFS Settings: Traverse/ list folders, Read attrib, read extended, create files, creat folders write attributes I have changed the NTFS advanced security, special permissions settings for files to the following: Apply onto files: Traverse/ list folders, Read attrib, read extended, create files, creat folders write attributes, write attrib, write extended, delete, delete subfolders When I log onto an XP machine and log on with a user who should not be able to delete or move directories, it won't let me add a directory, or place a file in the directory. It tells me access denied. I should get this for directories but for files I should be able to make a new file. To sum up: I need to be able to add files after the permisisons are delegated. As I understand it, new files take on inherited permission from the directory permissions. Hence I can't create new files and I can't update existing files either. Can this be done? Has anybody done this?
