Hi everybody,

I am on a AD-based network driven by Windows Server 2008 as the Domain controller and a WIndows Server 2012 as a storage server.

There is a shared folder for sales persons where I want all sub-folders and files under those sub-folders created by user "Sales1" will be only accessible to user "Sales1" and not to other users, and same for "Sales2" - though other users (if possible by the final solution) might still see folders of the others, but double click will return "Permission denied".

The folder would lbe like below:

E: Sales Quotation

---- Sales person 1 

---------- <files>

---- Sales person 2

----------- <files>

... and so on

I tried to use the "Creator owner" user permissions and the "Access based enumeration" but still cannot execute my ideas.

Can you tell me if I have done anything wrong here? Or my idea would need another tool outside NTFS permissions of Windows Server?

• Edited by Tue Nguyen 12 hours 26 minutes ago

Hi,

If the files and subfolders are already existing, it will be difficult to change the NTFS permissions to creator owner.

If it is a new folder, try to config like this:

Say you have a folder E:\Sales

Go to Security tab - Advance, click Change Permissions. 

Click Disable inheritance, and click Remove to remove all permissions.

Now add the following permissions:

1. Domain Admins - Full Control - This Folder, Subfolders and Files (or change it as you needed)

2. Creator Owner - Full Control (Or any different settings which you would like to give the creator owner) - Subfolders and Files Only.

3. Everyone - Traverse folder/List folder/Read attributes/Read extended attributes/Read permissions - This folder only. (this is to allow users to go through the e:\Sales folder to get to its subfolders and files).