Windows – NTFS permissions: how to make a folder read only for a group, but give write permission for only one member of this group

ntfswindows

I've a folder that I want a group of users can have read-only access, but only one of these users must have write permissions.

The problem is that seems that if that user pertains to the read-only group, it takes preference over the write permission gave to the specific user…

Is not possible to remove the user from the group… so… how I can make this work?

Best Answer

In NTFS permissions, Deny attributes overrule unset or Allow permissions. If the read-only group has write set to deny, no amount of allow rules from any other group membership will work.

There is an exception to this:

Inherited Deny permissions do not prevent access to an object if the object has an explicit Allow permission entry. (Source: Technet)

Also, and this may or may not apply to your set up, Share permissions are also applied, and if a share's permissions aren't set to allow changes, the user still won't be able to write to the folder even with the correct NTFS permissions.

Best Answer

Related Solutions

Windows Server 2008 R2–how give a WCF service write permission to folder

Windows folder permission only to a user and deny all others of his group

Related Topic