
Special AD Permissions to limit moving root shares and modifying files and folders internally - Knowledgebase / Client Services / Endpoint - SOMTech (Technology Services) - VCU School of Medicine

Special AD Permissions to limit moving root shares and modifying files and folders internally


Use this process to stop users from moving an access-controlled share into another directory they have access to. It uses the traverse folder slightly differently from the standard setup. Because of the nature of the access granted, the groups created here should be kept separate from any other traverse security groups used on the folder to reach deeper shares.


Creating the share is fairly simple:

1. Create two security groups for the folder that you want to restrict moving. The security groups should follow the standard convention:

a. SOM<Dept ID>_<Folder Name>_M

b. SOM<Dept ID>_<Folder Name>_W

c. Instead of creating a standard traverse group, we’re creating a write group.

2. Add SOM<Dept ID>_<Folder Name>_M as a member of SOM<Dept ID>_<Folder Name>_W.

3. Add SOM<Dept ID>_<Folder Name>_W as a member of the appropriate parent traverse group.

4. Open the security permissions of the folder you wish to set this access up for and go to the advanced options.

5. In the Advanced window, click Add.

6. Click Select a principal.

7. Add the SOM<Dept ID>_<Folder Name>_M group and select OK.

8. Give this group Modify permissions to the folder, set Applies to “Subfolders and files only”, and press OK.

9. Repeat steps 5 and 6.

10. Add SOM<Dept ID>_<Folder Name>_W and select OK.

11. Give this group Read & Execute, List folder contents, Read, and Write permissions and set Applies to “This folder only”.

Apply the permissions, then add the users who need access to the folder and its contents to the SOM<Dept ID>_<Folder Name>_M group and apply.
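The two permission entries from the steps above, scripted in PowerShell as an added example (not part of the original article), followed by a check that neither group holds Delete on the folder itself. The folder path, domain and group names are constructed placeholders, and both groups are assumed to already exist.

```powershell
using namespace System.Security.AccessControl

# Constructed placeholders: substitute your own path, domain and group names.
$Folder    = 'D:\Shares\ExampleFolder'
$ModifyGrp = 'EXAMPLE\SOM000_ExampleFolder_M'
$WriteGrp  = 'EXAMPLE\SOM000_ExampleFolder_W'

# _M group: Modify, applies to "Subfolders and files only".
# InheritOnly keeps this ACE off the folder itself, so members get no
# Delete right on the root folder, which a move or rename requires.
$modifyRule = [FileSystemAccessRule]::new(
    $ModifyGrp,
    [FileSystemRights]::Modify,
    [InheritanceFlags]'ContainerInherit, ObjectInherit',
    [PropagationFlags]::InheritOnly,
    [AccessControlType]::Allow)

# _W group: Read & execute, List folder contents, Read and Write,
# applies to "This folder only". Write lets members create items in
# the root of the folder; it does not include Delete.
$writeRule = [FileSystemAccessRule]::new(
    $WriteGrp,
    [FileSystemRights]'ReadAndExecute, Write',
    [InheritanceFlags]::None,
    [PropagationFlags]::None,
    [AccessControlType]::Allow)

$acl = Get-Acl -LiteralPath $Folder
$acl.AddAccessRule($modifyRule)
$acl.AddAccessRule($writeRule)
Set-Acl -LiteralPath $Folder -AclObject $acl

# Check: list any Allow ACE for these groups that applies to the folder
# itself and carries Delete. An empty result is the expected outcome.
$risky = (Get-Acl -LiteralPath $Folder).Access | Where-Object {
    $_.IdentityReference.Value -in $ModifyGrp, $WriteGrp -and
    $_.AccessControlType -eq [AccessControlType]::Allow -and
    ($_.PropagationFlags -band [PropagationFlags]::InheritOnly) -eq 0 -and
    ($_.FileSystemRights -band [FileSystemRights]::Delete) -ne 0
}
if ($risky) { $risky | Format-Table IdentityReference, FileSystemRights, IsInherited }
else        { 'No Delete right on the folder itself for the _M or _W group.' }
```

The check only covers ACEs on the folder; a "Delete subfolders and files" right granted on the parent directory would still allow the folder to be moved, so review the parent's ACL as well.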
