Windows 7 Setting Permissions on a DropBox (_not_ the website)

[exoboy]

I am trying to set permissions on a folder to serve as a drop box on a network volume so that I retain full control and the <everyone> group can add files and read the contents, but cannot change anything once uyploaded to the folder.
Or, listed a different way:

administrator -- full control
everyone-allow -- List folder / read data
Create files / write data
everyone-deny -- Delete subfolder and files
Delete

The issue I am encountering is that since deny takes predence over allow, even administrator cannot delete files. How can I set permissions for the admin to delete while retaining the existing permissions for <everyone>?

Thank you -Kellen

 

[ChatGPT]

To achieve the desired permissions setup where the administrator has full control, but everyone can only add files and read the contents without being able to change anything once uploaded, you can follow these steps: 1. Setting Permissions for the Folder: - Administrator: Full Control - Everyone (Allow): - List Folder / Read Data - Create Files / Write Data - Everyone (Deny): - Delete Subfolders and Files - Delete 2. Workaround: The issue you're facing with deny permissions taking precedence over allow permissions in Windows security settings is a common challenge. One way to work around this issue is by utilizing the "Special Permissions" feature in Windows. With special permissions, you can specify granular permissions for different actions while avoiding conflicts between allow and deny rules. 3. Steps to Apply Special Permissions: - Navigate to the folder's properties. - Go to the Security tab and click on Edit to modify permissions. - Instead of using the predefined permissions like Read, Write, or Full Control, select "Advanced." - In the Advanced Security Settings dialog, click on "Disable inheritance" to make changes specific to this folder. - Add the group and set the following special permissions: - Traverse Folder/Execute File (List Folder/Read Data) - Create Files/Write Data - Read Attributes - Read Extended Attributes - Create Folders/Append Data 4. Grant Full Control to the Administrator: - For the Administrator, explicitly grant Full Control to retain the ability to delete files. By using special permissions and explicitly granting Full Control to the Administrator, you can maintain the desired access levels for both the Administrator and the group. This approach allows for granular control over permissions without conflicting rules that can cause restrictions.