NTFS file and folder permissions

[TT99]

I have a directory structure setup which contains 1000+ files and a few hundred folders. It currently is setup for modify on files and folders. I want people to be able to make new documents and delete/write any documents they like(no change to current permissions). I also want to stop them from moving any folders around by mistake by accidently dragging them.

I have been looking at the technet article, "Setting Access control on files, Shares and other system objects in windows 2000". I have be playing with windows2000 Svr SP4, in a test lab, and have setup several directories to try and replicate this issue

I have changed the NTFS advanced security, special permissions settings for directories to the following:

Apply onto: Folder and subfolders

NTFS Settings: Traverse/ list folders, Read attrib, read extended, create files, creat folders write attributes

I have changed the NTFS advanced security, special permissions settings for files to the following:

Apply onto files: Traverse/ list folders, Read attrib, read extended, create files, creat folders write attributes, write attrib, write extended, delete, delete subfolders

When I log onto an XP machine and log on with a user who should not be able to delete or move directories, it won't let me add a directory, or place a file in the directory. It tells me access denied. I should get this for directories but for files I should be able to make a new file.

To sum up: I need to be able to add files after the permisisons are delegated. As I understand it, new files take on inherited permission from the directory permissions. Hence I can't create new files and I can't update existing files either.

Can this be done? Has anybody done this?

[fdv]

No. NTFS does certain things very well, but sometimes you REALLY want to be able to do a certain thing, and you just can't. I'd love to configure the same thing you're asking for but this functionality does not exist currently in NTFS.

[Takeshi]

You want to create files within a folder but not changing the folder itself.

So would setting

Apply To: files

and

Permissions: Create Files / Write Data

do that?

Perhaps also disinherit from parent...

The other thing is to create user Groups and set permissions for the group rather than for individual users.