I am trying to set up a file server on my my Windows 7 Pro system at home. I set up one common "Share" folder that I have shared/published. Within the share folder I want to have individual folders for me and my wife…that is only I can read/write my folder and only my wife can read/write to her folder and neither of us can read the contents of the other person's folder. Then I want to have a "public" folder where we can both read/write to contents of the folder as well as any sub-folders created, but my "kids" account can only read from this folder and sub folders. It seems really confusing to set up something like this and it really shouldn't. I am really confused between the "allow", "deny", and dimmed check boxes in the security tab.
It seems that if I "Deny" access to "Everyone" on my private folder, then I don't even have access to it. Windows security seems backwards from the rest of the world's security models. If I am in two groups and I deny access to one of the groups but allow access to the other group then Windows security denies me access as I am in one of the groups that has access disallowed. Very confusing.
Best Answer
I agree, the security tab is certainly confusing.
I think the key thing to understand is you can Deny a privilege to "everyone else" without explicitly checking the Deny box. "Deny" takes precedence over allow, so denying everyone will mean no-one has that privilege, even those to whom you explicitly grant it.
I think you want this set up;
Your folder
Your wife's folder
Shared folder
Child folders will inherit their permissions from their parents.
*Here you could optionally deny write, but as the kids user and the everyone user does not have a "check" for write, the user does not get that permission. If you wanted "everyone" to write, but not kids, this is where you would use Deny.