I've a folder that I want a group of users can have read-only access, but only one of these users must have write permissions.
The problem is that seems that if that user pertains to the read-only group, it takes preference over the write permission gave to the specific user…
Is not possible to remove the user from the group… so… how I can make this work?
Best Answer
In NTFS permissions, Deny attributes overrule unset or Allow permissions. If the read-only group has write set to deny, no amount of allow rules from any other group membership will work.
There is an exception to this:
Also, and this may or may not apply to your set up, Share permissions are also applied, and if a share's permissions aren't set to allow changes, the user still won't be able to write to the folder even with the correct NTFS permissions.