How to lock down folder and file creation on a root folder

Want to know how to lock down folder and file creation on a root folder?

What’s up nerds.

Do you have an annoying user base that keeps dumping their personal crap in your carefully maintained server folder structure?  Do you spend time keeping your folders neatly organized only to see 10 empty “New Folders” show up every damn week?

Never fear nerd, I know how to lock down your Root folder without having to go through the hassling of adjusting the security of each folder one by one.

  • You’ll want to make security changes to ONLY the root folder so that you can maintain the security settings of all your sub-folder’s
  • The thought process is that if you change the security settings of the root folder to “can’t create folder” and “can’t create files” and then all your sub-folders have inheritance turned on then you are going to completely lock down all your server shares
  • So, to easily disable inheritance on your subfolders run this from the command prompt of the windows server

icacls F:\parent\*.* /inheritance:d

  • Where I have “f:\parent” put in your root folder
    • In the inheritance parameter you have 3 choices

E – enables inheritances

d – disables inheritance but keeps the existing security settings

r – disables inheritance and removes existing security settings

  • Choose your command wisely nerd, as this can do a lot of damage if not properly thought out.  I choose D because it lets me maintain my existing security settings and simply disables inheritance so that the security settings of the root folder I am about to limit with not propagate to all my subfolders
  • Now that we have disabled inheritance. right click on the root folder and go to properties and the security tab
  • Click on ‘advanced’ and ‘change permissions’ and then edit the group you want to limit (in my case its domain users)
  • Either Un-check Allow “create files” and Allow “create folders” or check Deny (depending on your Windows Server version)
  • Make sure you still leave an admin with full control on the root
  • Hit OK and Apply and then it should quickly make the adjustment
  • Test with the admin and see if you can create files and folders and then login as a domain user and test there as well

This is how to lock down folder and file creation on the root folder of a Windows Server share

If you found this post useful please pop a Facebook Like at the top of the article

No Comments

Post A Comment

Stop Ransomware AND Employee Theft

program that stops ransomware

Click to Learn How