Restrict domain users from deleting a shared file or folder

Hello, everybody!
Recentlly we had an incident with involuntary deleting of 800MB from MS Server 2003 by a domain user. We have a drive with NTFS which is shared for domain users and they should be able to create, read, write, modify files and folders, but not deleting them. I have tried with deny a file or folder delete through security tab, but then users can't modify. My idea was to deny only deleting of files, and if some user nonaccidentally wants to delete a file or folder - just to rename it with 4 zeros infront. Then in the end of the day an automatic script will run which will search files and folders with 4 zeros begining and delete them. Yes but NO, denying a file delete automaticaly deny file rename.
Please give me an advise how to prevent domain users from accidentaly deleting files from this drive, and in the same time to have all file/folder functionality.
10x a lot in advance!
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Hi mi6o,
you can deny deleting files and allow modify but at the same time you will be denied to rename them (rename = delete)

from the security tab click on "Advanced" button, chose the user, click edit, and then change the "delete" permision.

Thanks & Best Regards

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
before everythin you have to think follwing option with NTFS permision

1) this going to do folder level or file level
2) users can add and file but cannot detete ?
3) allowing to owner to delete file or owner also cannot delete  ? but i recomend owner can delete file.

before configure this setup , test it with another normal XP workstation (with NFTS)
will assume administrator have full control

create a folder as "test 1" on  xp

folder properties >security >advanced >untick " inhirit from the perent ..." > click copy  > next remove all user and group except administrators ,domain users (if domain user not avliable then add domain users)

domain user does not have full control of modify control

above system only owner can delete  document ( but others cannot  modify).

 but i think modifiy permission need for all domain users.(otherwise sharing concept will not effect)

using "speacial permision" you  you can finish you request
click advanced  tab select  domain users > edit  >  tick  deny   "delete subfolder and file "

to check this system for users you can use "effective permision"

NTFS permision  little bit complex but you can ask question


Make sure Creater Owner does not have delete ability just modify.  
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2003

From novice to tech pro — start learning today.