Jump to content

Problem with complicated Windows NTFS permissions


lucidanime

Recommended Posts

Hi all, hope someone can help me on this. In the school I work in, we have a share called Postbox on our AD server (Server 2008 R2). This folder is used by Teachers to create a space for students to dump in answer files for exams, etc.

What I'm trying to do is set it up so that Administrators and Teachers groups have full control, and that people from PLC Students and Post Primary Students can add files to Postbox (into whatever folder the teacher creates), but once added they cannot modify those files, and also, cannot view files by other members of the PLC Students or Post Primary Students group, so essentially it will look like they are the only student to submit a file to postbox for marking.

I've been fighting with NTFS permissions for two days now, and I haven't been able to come up with a suitable set for PLC Students and Post Primary Students to restrict them as I've detailed above, any help or direction would be great. If anyone needs any more detail to be able to understand and/or aid with this problem, feel free to shout, and I'll give what detail I can!!

EDIT: A somewhat visual aid:

Postbox
-> Teacher A
-> Class 1A
-> Exam XX
-> Student 1.txt
-> Student 2.txt
-> Student 3.txt
-> Class 2B
-> Exam XX
-> Student 4.txt
-> Teacher B
-> Class 3C
-> Exam XX
-> Student 5.txt
-> Student 6.txt
-> Class 4D
-> Exam XX
-> Student 7.txt

Basically, Teachers can see all files, Student 1 can only see folders + his/her own files only, Student 2 can see folders and his/her own files only, etc

Edited by lucidanime
Link to comment
Share on other sites


You either give rights to a file, or you don't - what you could do is give users "Special" rights, and allow them write access but not list access - this would allow them to upload files but not see anything in the share. However, that doesn't preclude them from simply overwriting what they've put there with another file, because rights are static. This would require custom scripting, event triggering, and probably constant administration.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...