Solved

ACL Access

Posted on 2004-03-24
Last Modified: 2010-04-19
We have a Windows 2003 file server (also a DC). Users connect to a data share on the server. The share permissions are set to "Full Control" for all users. The security permissions for the file system are set with special permissions for users:
Traverse Folder
List Folder
Read Attributes
Read extended attributes
Read Permissions

These equate to a "List Folder Contents" ACL in the main ACL screen.

Below the shared folder are a number of departmental folders e.g. Finance, Purchasing etc.

What we are trying to achieve is that people have all access to their relevant folder (controlled via departmental group access) but cannot delete any files. The main reason for this is that a Finance user could inadvertently (?) select the finance folder within the share and delete the entire contents. We can restrict the folder from deletion but that will still allow the contents to be removed before failing at the folder level.

We can deny the delete access by removing the "Delete" and "Delete subfolders and files" permissions from the special permissions section. However if we do that users cannot rename files or save them under a different name. Removing the "Delete" permission also removes the "Modify" permission!!

Is there a way to achieve both goals, i.e. prevent file deletion but still allow users the flexibility of renaming or performing a "Save as" for files?

Question by:johndawsonbooth
Accepted Solution

by:
JamesDS earned 300 total points
ID: 10670445
Sorry but no:

A rename action is effectively the same as copy to a new filename and delete the original
Anything that allows a modify must also allow a delete as a user could simply open the file and empty the contents

As an alternative I suggest you look at the volume shadow copy service to protect accidentally deleted files/folders and/or perhaps an enterprise undelete tool as offered by many vendors.

Cheers

JamesDS
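
Why the two goals in the question collide, as an added example that is not part of the original thread: a simplified Python model of the NTFS access check, in which rename and delete both depend on the "Delete" right on the file or the "Delete Subfolders and Files" right on its parent folder. The function names are hypothetical, the bit values are the standard Windows access-mask constants, and deny ACEs, ownership and privileges are not modelled.

```python
# Added example: simplified model of the NTFS access check (allow ACEs only;
# deny ACEs, ownership and privileges are not modelled). Bit values: winnt.h.
FILE_LIST_DIRECTORY  = 0x000001  # List Folder / Read Data
FILE_ADD_FILE        = 0x000002  # Create Files / Write Data
FILE_READ_EA         = 0x000008  # Read Extended Attributes
FILE_TRAVERSE        = 0x000020  # Traverse Folder / Execute File
FILE_DELETE_CHILD    = 0x000040  # Delete Subfolders and Files
FILE_READ_ATTRIBUTES = 0x000080  # Read Attributes
DELETE               = 0x010000  # Delete
READ_CONTROL         = 0x020000  # Read Permissions

# The five special permissions the question lists for the share root.
LIST_FOLDER_CONTENTS = (FILE_TRAVERSE | FILE_LIST_DIRECTORY |
                        FILE_READ_ATTRIBUTES | FILE_READ_EA | READ_CONTROL)
MODIFY = 0x0301BF  # Modify (without SYNCHRONIZE): has DELETE, not FILE_DELETE_CHILD


def can_delete(file_rights, dir_rights):
    """Delete needs DELETE on the file, or FILE_DELETE_CHILD on its folder."""
    return bool(file_rights & DELETE or dir_rights & FILE_DELETE_CHILD)


def can_rename(file_rights, dir_rights):
    """Rename in place needs the same delete access, plus FILE_ADD_FILE on the folder."""
    return can_delete(file_rights, dir_rights) and bool(dir_rights & FILE_ADD_FILE)


def evaluate(rights):
    """One ACE on a department folder, inherited unchanged by the files in it."""
    return {"rename": can_rename(rights, rights), "delete": can_delete(rights, rights)}


def rename_without_delete():
    """Try every combination of the three deciding bits; return those that
    allow rename while blocking delete."""
    hits = []
    for f in (0, DELETE):
        for d in (0, FILE_ADD_FILE, FILE_DELETE_CHILD, FILE_ADD_FILE | FILE_DELETE_CHILD):
            if can_rename(f, d) and not can_delete(f, d):
                hits.append((f, d))
    return hits


if __name__ == "__main__":
    print("Modify              ", evaluate(MODIFY))
    print("Modify minus Delete ", evaluate(MODIFY & ~DELETE))
    print("Folder keeps 'Delete Subfolders and Files':",
          can_delete(MODIFY & ~DELETE, MODIFY | FILE_DELETE_CHILD))
    print("Masks allowing rename but not delete:", rename_without_delete())
```

The third line of output covers the case where "Delete" is removed from the files but the folder still grants "Delete Subfolders and Files": the files remain deletable, which is why both boxes have to be cleared together.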