Hey there guys, I recently configured my network as a domain environment at home (please don't tell me that it's not necessary, it is for testing/educational purposes...besides the best way to learn is by experience right?) Anyways, I have a dedicated PC running Windows Server 2003 ENT SP2 (Evaluation 180-days..LEGAL) with AD/DNS/DHCP installed. This PC is also my file server with 160GB HDD which stores my shared Videos/Music/Photos etc. What I hope to accomplish is to setup the permissions on my NTFS shared files and sub=-folders for read/write access where my users have the ability to log on their domain account using a roaming profiles (accomplished) and access the "Shared" Network Share (accomplished) and add or remove files accordingly (accomplished) as well as NOT BE ABLE TO DELETE THE FILE STRUCTURE I HAVE IN PLACE (not accomplished)...I have gone mad trying different settings with the permission nnd pulling my hair out in frustration!!! Here are my users and groups as well as the structure I have in place: Domain Accounts Darin (ME) Alex Maygan Destiny Group Netusers (Darin, Destiny, Alex and Maygan) Shared Folders Shared (contains Sub-folders: Media, Public, Downloads and Other) Profiles (used for romaing accounts..permission are corrct [ie. users can access ONLY their account profiles and the Administrator as well as SYSTEM can perform all necessary functions]) Docs - Redirected "My Documents" for individual accounts to this folder with proper permissions.. My problem is that on the "Shared" folder, I would like to allow Netusers acess to read and write to all of the folders (except root share files) but not delete the folder structure. Right now, all users can log on, access and delete anythihng...how can I accomplish this? 2) My second question is related to Group Policy. I have certain restrictions set in place (the reason I created the domain in the first place) because I do not want my users to downlod Windows Upodates individually (bandwidth limitation from ISP to 60GB and I download TONS of applications and my siblings love to download (paid) music as well as watch movie extensively on Youtube. Therefore, I have disabled Windows Updates from the Group Poilcy as well as created restrictions on the accounts, enabled Quotas and a few other quirks. What I hope to also accomplish is to create a script that will automatically shut down the computers at a given time (my siblings have a nasty habit of leaving their PC's running all the time and my parent disaprove and wish for me, as "The Expert" to fix this problem accordingly. Moreover, I wish to create either a program, script or find a setting that allow my users to be automatically logged off after a certain amount of time of inactivity. Lastly, I wish to know more about Group Policies and how to implement them accordingly. I currently just modified the original Default Policy and had a case once where I locked my own Administrator out of the Network. Please excuse me for such a long post, I am just genuinely concerned and interested as well as want to earn my certification to become an MCSE. Please help me and provide any and all advice. I hope not to be a disturbance or nuisance of any sort. Thank you for taking the time to read this and have a great day! Blessings! Darin "the greatest risk is in not taking one" Darin Luckie

What are the share and NTFS permissions on the shared folders? Life's more painless for the brainless.

Thanks for responding Jennifer. On the Shared folder I have the Authenticated Users granted Full Control On the Shared Folder I have set the Netusers the Read and Execute permission. Administrators have full control Inside the subfolders (eg: Media, Documents, Downloads, etc) I have granted the users the permissions withwhich I wish for them to be associated with. For example, on the Downloads folder, I have granted Alex and Maygan permission to Modify the folder contents whereas Destiny can only Read and Execute. Furthermore I wish to allow myself the ability to do anything to these folders (thus, Full Control) and my users are still able to delete the orginal folders!!! (To test this, I copied the folder contents to my desktop, then attempted to delete the network copy, successfully) Any ideas or anything about the group policy settings? Darin Luckie

Longman, It could be that the "hierachial" permissions are allowing this to occur.Take a look at resultant set of policy and user rights and permissions. You'll find a ton of info on microsoft's technet website.

on network environment the rule is: effective permission will be that permission has less rights between NTFS and shreed permissions.for example on ABC folder shre permission is full control for user X ,and NTFS permission is READ permission for same user.if user X tries to access that ABC folder on local computer where this folder located then he/she will find full access but if he/she try to access from any other network system then he/she will find only less right mean read only. group policy if you modify default domail policy then new setting will be implement on everyone including Administrator. if you want bypass Administrator and/or other users then you should create Orginization Units as you required create/move users/groups in it.then create a new group policy for that OU. third for auto shut down best method is create BAT file inser the comand: shutdown -s save the file and set this file into schduled task day/time as you require.