need to set file permissions so users can't delete file on windows 2000 server

pele4483
pele4483 used Ask the Experts™
on
i need to protect a file from being deleted by specific users.  I have a databse file that everyone can access (R/w) but i want to protect the file froom being deleted by these users.  I experimented with a test file.   i went into the security tab for that file and unchecked the box (allow inheritable permissions from parent), so i could play with the advanced settings since delete was in that group. I added a user in this case everyone just for testing.  then i chekd the delete and delete sub folders and file check box, did my applies and tried it out. The system let me delete the file.  Don't know what i did wrong!
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®

Commented:
Hello,
When you tried this were logged in as administrator or a test user?
When you clicked "delete and delete sub folders and file check box" did
you click it under the deny column?

Also if this is an XP machine see what the effective permissions tab shows.

to take another look at permissions you can use this utility from Sysinternals
AccessEnum
http://www.sysinternals.com/ntw2k/source/accessenum.shtml
Commented:
There's a lot of things about file and directory permissions which aren't intuitive at first...

1) Make sure the users aren't also in some other group that has different permission
2) Write permission on the file has nothing to do with delete permission on the directory
3) Delete permission is set at the directory level (not the file level)
4) File permissions take precidence over directory permission
5) Write permission without Delete permission will still allow a malicous user to overwrite the file with junk

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial