I'm trying to set up a server folder where the users have file read and write
access, but they cannot overwrite or delete files. I don't really care about
folder permissions. I'll have an administrator create folders.

As I read through the support files, I can't figure out how to separate
write and overwrite privileges. These two permissions are tied together on
one option:

Create Files/Write Data
The Create Files permission applies only to folders and allows or denies the
user from creating files in the folder.

The Write Data permission applies only to files and allows or denies the
user from making changes to the file and overwriting existing content by NTFS

The link below explaining special permissions may help. There is a
distinction in what users can do to existing files. If they have modify
permissions they can delete files. With write permissions they can append
data which means they can add data to an existing file. A lot depends on how
the application handles files as many will delete the old file and create a
new one when the file is modified which a user without modify/full control
can not do. --- Steve

http://support.microsoft.com/default...b;EN-US;308419

The Append Data permission applies only to files and allows or denies the
user from making changes to the end of the file but not from changing,
deleting, or overwriting existing data .



"BrianS" <BrianS@discussions.microsoft.com> wrote in message
news:3D5393E8-9732-4F04-904D-7BF3F022F74C@microsoft.com...
> I'm trying to set up a server folder where the users have file read and
> write
> access, but they cannot overwrite or delete files. I don't really care
> about
> folder permissions. I'll have an administrator create folders.
>
> As I read through the support files, I can't figure out how to separate
> write and overwrite privileges. These two permissions are tied together
> on
> one option:
>
> Create Files/Write Data
> The Create Files permission applies only to folders and allows or denies
> the
> user from creating files in the folder.
>
> The Write Data permission applies only to files and allows or denies the
> user from making changes to the file and overwriting existing content by
> NTFS

Right - thanks. I really appreciate the response, Steve.

These will all be Microsoft Word files.

I don't want change/overwrite permissions. I don't see how I can separate
it so that users can create but not delete or overwrite. If I'm reading it
correctly, I want "create files" to be set to "allow" but "write data" to be
set to "deny." But it looks to me as though the "Create Files / Write Data"
permission is tied to one permission line. I don't understand why they're
not two separate permissions.

Am I reading that wrong?

I don't care if they have "create folder" privileges, so that line "Create
Folders / Append Data" can be set to "deny."

I used to do some server admin years ago... It seems that this used to be
easy on WinNT. Now I'm just on a project and trying to set up an
appropriately secure server space, and can't get the help I need from my IT
group, who tells me that this can't be done. I find that hard to believe,
although don't see how to do it.


"Steven L Umbach" wrote:

> The link below explaining special permissions may help. There is a
> distinction in what users can do to existing files. If they have modify
> permissions they can delete files. With write permissions they can append
> data which means they can add data to an existing file. A lot depends on how
> the application handles files as many will delete the old file and create a
> new one when the file is modified which a user without modify/full control
> can not do. --- Steve
>
> http://support.microsoft.com/default...b;EN-US;308419
>
> The Append Data permission applies only to files and allows or denies the
> user from making changes to the end of the file but not from changing,
> deleting, or overwriting existing data .
>
>
>
> "BrianS" <BrianS@discussions.microsoft.com> wrote in message
> news:3D5393E8-9732-4F04-904D-7BF3F022F74C@microsoft.com...
> > I'm trying to set up a server folder where the users have file read and
> > write
> > access, but they cannot overwrite or delete files. I don't really care
> > about
> > folder permissions. I'll have an administrator create folders.
> >
> > As I read through the support files, I can't figure out how to separate
> > write and overwrite privileges. These two permissions are tied together
> > on
> > one option:
> >
> > Create Files/Write Data
> > The Create Files permission applies only to folders and allows or denies
> > the
> > user from creating files in the folder.
> >
> > The Write Data permission applies only to files and allows or denies the
> > user from making changes to the file and overwriting existing content by
> > NTFS
>
>
>

I admit it is confusing in the way MS label special permissions. When you
see a permission such as Create Files / Write Data the create files applies
only to folders while write data applies only to files. It makes a
difference deepening on what you select in the "apply onto" box for special
permissions. For example you can give users a set of one permissions for
folders only and then another for files only. If you look at the special
permissions in the root/drive folder in advanced you will see how default
special permissions are configured for users where that group is shown three
times. The overall permissions you see on the general security page are for
folders, subfolders, and files. If you have some reason for users to create
files and be able to view then but not change/edit them in any way then do
not give the users any delete, write data, and append data permissions for
"files only" but give them create files/write data for folders only. The
other problem is that the creator of a file will receive permissions that
the creator owner placeholder has which by default is full control though
you can change that but the owner of a file could potentially change
permissions to it. If you want to create a drop folder just give the users
write access to the folder. If the users need to be able to edit and save.
If you need them to be able to edit Word files you are probably out of luck
as I believe Word deletes the old file and creates a new file from the
temporary it creates of the opened file after a user saves an edited
document. However this is a case where creator owner may help because in
default configuration it will give the file creator permissions to edit a
Word document but only allow others to read if the folder restrictions are
such to restrict users in general to only read. --- Steve



"BrianS" <BrianS@discussions.microsoft.com> wrote in message
news:2089385F-FBEB-43A3-BC6F-5D364A5664F2@microsoft.com...
> Right - thanks. I really appreciate the response, Steve.
>
> These will all be Microsoft Word files.
>
> I don't want change/overwrite permissions. I don't see how I can separate
> it so that users can create but not delete or overwrite. If I'm reading
> it
> correctly, I want "create files" to be set to "allow" but "write data" to
> be
> set to "deny." But it looks to me as though the "Create Files / Write
> Data"
> permission is tied to one permission line. I don't understand why they're
> not two separate permissions.
>
> Am I reading that wrong?
>
> I don't care if they have "create folder" privileges, so that line "Create
> Folders / Append Data" can be set to "deny."
>
> I used to do some server admin years ago... It seems that this used to be
> easy on WinNT. Now I'm just on a project and trying to set up an
> appropriately secure server space, and can't get the help I need from my
> IT
> group, who tells me that this can't be done. I find that hard to believe,
> although don't see how to do it.
>
>
> "Steven L Umbach" wrote:
>
>> The link below explaining special permissions may help. There is a
>> distinction in what users can do to existing files. If they have modify
>> permissions they can delete files. With write permissions they can append
>> data which means they can add data to an existing file. A lot depends on
>> how
>> the application handles files as many will delete the old file and create
>> a
>> new one when the file is modified which a user without modify/full
>> control
>> can not do. --- Steve
>>
>> http://support.microsoft.com/default...b;EN-US;308419
>>
>> The Append Data permission applies only to files and allows or denies the
>> user from making changes to the end of the file but not from changing,
>> deleting, or overwriting existing data .
>>
>>
>>
>> "BrianS" <BrianS@discussions.microsoft.com> wrote in message
>> news:3D5393E8-9732-4F04-904D-7BF3F022F74C@microsoft.com...
>> > I'm trying to set up a server folder where the users have file read and
>> > write
>> > access, but they cannot overwrite or delete files. I don't really care
>> > about
>> > folder permissions. I'll have an administrator create folders.
>> >
>> > As I read through the support files, I can't figure out how to separate
>> > write and overwrite privileges. These two permissions are tied
>> > together
>> > on
>> > one option:
>> >
>> > Create Files/Write Data
>> > The Create Files permission applies only to folders and allows or
>> > denies
>> > the
>> > user from creating files in the folder.
>> >
>> > The Write Data permission applies only to files and allows or denies
>> > the
>> > user from making changes to the file and overwriting existing content
>> > by
>> > NTFS
>>
>>
>>

Thanks again, Steve.

"Steven L Umbach" wrote:

> I admit it is confusing in the way MS label special permissions. When you
> see a permission such as Create Files / Write Data the create files applies
> only to folders while write data applies only to files. It makes a
> difference deepening on what you select in the "apply onto" box for special
> permissions. For example you can give users a set of one permissions for
> folders only and then another for files only. If you look at the special
> permissions in the root/drive folder in advanced you will see how default
> special permissions are configured for users where that group is shown three
> times. The overall permissions you see on the general security page are for
> folders, subfolders, and files. If you have some reason for users to create
> files and be able to view then but not change/edit them in any way then do
> not give the users any delete, write data, and append data permissions for
> "files only" but give them create files/write data for folders only. The
> other problem is that the creator of a file will receive permissions that
> the creator owner placeholder has which by default is full control though
> you can change that but the owner of a file could potentially change
> permissions to it. If you want to create a drop folder just give the users
> write access to the folder. If the users need to be able to edit and save.
> If you need them to be able to edit Word files you are probably out of luck
> as I believe Word deletes the old file and creates a new file from the
> temporary it creates of the opened file after a user saves an edited
> document. However this is a case where creator owner may help because in
> default configuration it will give the file creator permissions to edit a
> Word document but only allow others to read if the folder restrictions are
> such to restrict users in general to only read. --- Steve
>
>
>
> "BrianS" <BrianS@discussions.microsoft.com> wrote in message
> news:2089385F-FBEB-43A3-BC6F-5D364A5664F2@microsoft.com...
> > Right - thanks. I really appreciate the response, Steve.
> >
> > These will all be Microsoft Word files.
> >
> > I don't want change/overwrite permissions. I don't see how I can separate
> > it so that users can create but not delete or overwrite. If I'm reading
> > it
> > correctly, I want "create files" to be set to "allow" but "write data" to
> > be
> > set to "deny." But it looks to me as though the "Create Files / Write
> > Data"
> > permission is tied to one permission line. I don't understand why they're
> > not two separate permissions.
> >
> > Am I reading that wrong?
> >
> > I don't care if they have "create folder" privileges, so that line "Create
> > Folders / Append Data" can be set to "deny."
> >
> > I used to do some server admin years ago... It seems that this used to be
> > easy on WinNT. Now I'm just on a project and trying to set up an
> > appropriately secure server space, and can't get the help I need from my
> > IT
> > group, who tells me that this can't be done. I find that hard to believe,
> > although don't see how to do it.
> >
> >
> > "Steven L Umbach" wrote:
> >
> >> The link below explaining special permissions may help. There is a
> >> distinction in what users can do to existing files. If they have modify
> >> permissions they can delete files. With write permissions they can append
> >> data which means they can add data to an existing file. A lot depends on
> >> how
> >> the application handles files as many will delete the old file and create
> >> a
> >> new one when the file is modified which a user without modify/full
> >> control
> >> can not do. --- Steve
> >>
> >> http://support.microsoft.com/default...b;EN-US;308419
> >>
> >> The Append Data permission applies only to files and allows or denies the
> >> user from making changes to the end of the file but not from changing,
> >> deleting, or overwriting existing data .
> >>
> >>
> >>
> >> "BrianS" <BrianS@discussions.microsoft.com> wrote in message
> >> news:3D5393E8-9732-4F04-904D-7BF3F022F74C@microsoft.com...
> >> > I'm trying to set up a server folder where the users have file read and
> >> > write
> >> > access, but they cannot overwrite or delete files. I don't really care
> >> > about
> >> > folder permissions. I'll have an administrator create folders.
> >> >
> >> > As I read through the support files, I can't figure out how to separate
> >> > write and overwrite privileges. These two permissions are tied
> >> > together
> >> > on
> >> > one option:
> >> >
> >> > Create Files/Write Data
> >> > The Create Files permission applies only to folders and allows or
> >> > denies
> >> > the
> >> > user from creating files in the folder.
> >> >
> >> > The Write Data permission applies only to files and allows or denies
> >> > the
> >> > user from making changes to the file and overwriting existing content
> >> > by
> >> > NTFS
> >>
> >>
> >>
>
>
>