Folder permissions overriding each other?

We run Win2000Server on the server, with a few WinXPpro workstations and a few Win2000 workstations. I am trying to preserve the contents of a shared folder on the server, so no users can delete files (nor the folder itself).
ALL users must be able to ADD files. I DO want to assign a couple managers the ability to delete files if needed. But when I try to adjust permissions, it is real hard to get them all to work properly.
By default, it appears "EVERYONE" is allowed to do "EVERYTHING." I tried adding individual users with "ALLOW ALL" permissions, then modified the "EVERYONE" to specific functions (essentially denying "Delete" and "Delete Files" permissions). But it just doesn't work. Any tips on Permissions? TIA.

 

Are you setting the permissions on the share or on the actual folder?

Note that I've had strange results using the 'deny' piece and don't mess with it these days.

Have you tried deleting Everyone from the permissions section? Much safer than restricting it since what you do to Everyone (if it is there) will be done to Everybody.

Try giving Everyone full access to the share, removing Everyone from the folder, and setting permissions for users or groups-you-created to suit your needs.

 

Newt: You are right about the "DENY" tool; if you are not careful you can lock yourself out of places! That is not the problem here.
This SHARE gives permissions to everyone. I am only changing the FOLDER permissions.
I like your idea of creating groups. I did not try that before. I was assigning full rights to each of several managers, and trying to modify the "EVERYONE" rights to control the remaining users. That's where I had conflicts. Your plan might save some work. I will try it tomorrow. Thanks, Greg.

 

Wow... this is more of a puzzle than I thought. Just lucky things are wide OPEN right now, rather than shut... at least my users can get to their files. I only want to deny the "general users" group (a group I made) from deleting this folder or the files inside this folder. They should be able to add files and subfolders. But any restrictions I put on this group seem to prevent them from even looking in the folder! Too restrictive! BTW, I removed the permissions for "Everyone" after I put my specifics in place. No help! I will keep experimenting...

 

Hmmmm - bearing in mind that permissions are 'most restrictive' so if there is a group that has less rights and contains the same members, they get less rights

I suggest using Deny in this case and as shown in the pictures with all the things you want them to do explicitly checked in the first column and the 'don't want' stuff checked in the deny column.

If that doesn't solve the problem for you, then I'm stumped except to suggest the server has issues and that maybe sfc /scannow is in order.

 

PHew! OK Newt, thanks for your input. The challenge goes on. Of course, this is something I only play with "after hours" so my colleagues don't get locked out. But I will keep up the experiment! //Greg.