Hello. Can NTFS permissions prevent a user from moving or deleting a
folder in Windows 2003 Server? Please provide any adjustments to the
detailed example below.
My extensive testing has shown that:
When a user deletes a folder, the contents of that folder are deleted
first, THEN that folder's permissions are checked and obeyed. Giving
the user "deny Delete" permission on a folder prevents the folder from
being deleted AFTER its contents have been erased. A similar problem
happens when moving this folder.
Here is my test setup. I'm trying to prevent Subfolder B from being
deleted or moved. I'm allowing Users to create/delete/modify files
and folders within Subfolder B.
Parent folder A:
- Inheritance off
- Everyone has Deny Delete on "this folder and subfolders" with "Apply
to objects/containers within this container only" checked.
- Users have Allow "Read and Execute" on "this folder, subfolders,
files"
Subfolder B:
- Inheritance off
- Users have Deny Delete on "this folder only"
- Users have Allow "Read/Write/Execute" on "this folder only"
- Users have Allow Modify on "subfolders and files only"
"Parent folder A" is included because it contains many subfolders like
"Subfolder B" which need this protection. I see some inefficiency in
this which I'll try to fix.
When a user deletes Subfolder B, the files and folders it contains are
deleted, THEN the user is denied from deleting Subfolder B. How can
the folder AND its contents be protected from an attempt to delete the
folder, still allowing the user to modify the contents of the folder?
Thank you.
Bookmarks