© 2021 www.richardwalz.com
Richard Walz
All rights reserved.

Understanding Windows File / Folder Inheritance

Here is a typical scenario.  The CEO wants a folder located where everyone else's files are, but he wants it so that only he can view it and no one else.  You come up with a bunch of other ideas, but for logistical reasons you realize that you're stuck with what he wants you to do and there is no way out of it.  So what can you do?  As you may have guessed, there is a way to do this, but it may not be very obvious.

It’s highly recommended that you only apply permissions to groups, not to individual users.  In this example I will only be using groups for permissions. It works the same way with other principals; you will just need to substitute accordingly for your own environment.

Example Groups used in this exercise:

  • Root-Example
  • RandomGroups-Example
  • CEO-Example

Let's start with the basics of the issue. Here is the folder structure we are dealing with.

  • example root
    • Documents Folder
    • Files Folder
    • Shared with everyone Folder
      • CEO Private Folder  <- our CEO wants this folder to be protected so that only he can view the contents, as there are important files and folders in there.

By default, permissions work as follows.  The permissions set at the top level (example root) get pushed downwards to everything below it.  What we need to do is break this inheritance so that the “CEO Private Folder” gets its own permissions and does not inherit the permissions from the folders above it.

See the examples below.

(From Top to Bottom – default permissions)

The picture below shows how the permissions are inherited from the top. You can see this by looking at the other group, “RandomGroups-Example”: its permissions were applied at the “Shared with everyone Folder” and were therefore also applied to the “CEO Private Folder”, but they do not go upwards. The permissions applied at the “example root” folder for the group “Root-Example”, however, are applied at every level from the topmost to the bottommost.

(Example of Top to Bottom Permissions)

Let's break the inheritance of the “CEO Private Folder”.

1. Right-click on “CEO Private Folder” and select “Properties”.

2. Then click on the “Advanced” button.

(Screenshot: advanced security tab, permissions)

3. Click on “Disable Inheritance”.

(Screenshot: disable inheritance window)

4. Now click on “Convert inherited permissions to explicit permi…” (this prevents any unforeseen issues or accidental security changes).

(Screenshot: convert permissions to break inheritance)

5. The conversion may take some time.  When it finishes, click “OK” to go back to the previous screen, then click on “Edit”.

(Screenshot: folder security tab, permissions)

6. On this screen you can now remove all the permissions you do not want to give and apply the ones you do.  In this case we give “CEO-Example” the rights to view and modify files.  Then press “Apply” or “OK” to make the final changes.

(Screenshot: set final permissions)

7. As you can see below, the permissions have been set and only the CEO has access to this location.  Our CEO is very happy now.

(Screenshot: final permissions)
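
Steps 1 to 7 can also be scripted in PowerShell, which makes the change repeatable and easy to audit. This is an added example, not part of the original article; the folder path and the EXAMPLE domain prefix are assumptions, and built-in entries such as SYSTEM and Administrators are deliberately left in place on the assumption that backup and administration still need them.

```powershell
# Added example. Assumed values: adjust the path and domain prefix for your environment.
$Path     = 'D:\example root\Shared with everyone Folder\CEO Private Folder'  # hypothetical location
$CeoGroup = 'EXAMPLE\CEO-Example'                                             # hypothetical domain
$Remove   = 'EXAMPLE\Root-Example', 'EXAMPLE\RandomGroups-Example'

# Run from an elevated session with rights to change permissions on the folder.
$acl = Get-Acl -LiteralPath $Path

# Steps 3-4: disable inheritance and convert the inherited entries to explicit ones.
#   1st argument $true = protect this ACL from inheritance
#   2nd argument $true = keep a copy of the previously inherited entries
$acl.SetAccessRuleProtection($true, $true)
Set-Acl -LiteralPath $Path -AclObject $acl

# Re-read the ACL so the converted entries are seen as explicit and can be removed.
$acl = Get-Acl -LiteralPath $Path

# Step 6a: remove every entry that belongs to the groups we no longer want here.
foreach ($name in $Remove) {
    $identity = New-Object System.Security.Principal.NTAccount($name)
    $acl.PurgeAccessRules($identity)
}

# Step 6b: grant CEO-Example Modify (view and change) on this folder,
# its subfolders (ContainerInherit) and its files (ObjectInherit).
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
    $CeoGroup, 'Modify', 'ContainerInherit, ObjectInherit', 'None', 'Allow')
$acl.AddAccessRule($rule)
Set-Acl -LiteralPath $Path -AclObject $acl

# Step 7: verify. AreAccessRulesProtected should be True and no entry
# should show IsInherited = True or name one of the removed groups.
$final = Get-Acl -LiteralPath $Path
"Inheritance disabled: $($final.AreAccessRulesProtected)"
$final.Access |
    Select-Object IdentityReference, FileSystemRights, AccessControlType, IsInherited |
    Format-Table -AutoSize
```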