Restrict domain users from deleting a shared file or folder

Posted on 2006-04-25
Last Modified: 2010-04-18
Hello, everybody!
Recentlly we had an incident with involuntary deleting of 800MB from MS Server 2003 by a domain user. We have a drive with NTFS which is shared for domain users and they should be able to create, read, write, modify files and folders, but not deleting them. I have tried with deny a file or folder delete through security tab, but then users can't modify. My idea was to deny only deleting of files, and if some user nonaccidentally wants to delete a file or folder - just to rename it with 4 zeros infront. Then in the end of the day an automatic script will run which will search files and folders with 4 zeros begining and delete them. Yes but NO, denying a file delete automaticaly deny file rename.
Please give me an advise how to prevent domain users from accidentaly deleting files from this drive, and in the same time to have all file/folder functionality.
10x a lot in advance!
Question by:mi6o
    LVL 2

    Accepted Solution

    Hi mi6o,
    you can deny deleting files and allow modify but at the same time you will be denied to rename them (rename = delete)

    from the security tab click on "Advanced" button, chose the user, click edit, and then change the "delete" permision.

    Thanks & Best Regards
    LVL 9

    Expert Comment

    before everythin you have to think follwing option with NTFS permision

    1) this going to do folder level or file level
    2) users can add and file but cannot detete ?
    3) allowing to owner to delete file or owner also cannot delete  ? but i recomend owner can delete file.

    before configure this setup , test it with another normal XP workstation (with NFTS)
    will assume administrator have full control

    create a folder as "test 1" on  xp

    folder properties >security >advanced >untick " inhirit from the perent ..." > click copy  > next remove all user and group except administrators ,domain users (if domain user not avliable then add domain users)

    domain user does not have full control of modify control

    above system only owner can delete  document ( but others cannot  modify).

     but i think modifiy permission need for all domain users.(otherwise sharing concept will not effect)

    using "speacial permision" you  you can finish you request
    click advanced  tab select  domain users > edit  >  tick  deny   "delete subfolder and file "

    to check this system for users you can use "effective permision"

    NTFS permision  little bit complex but you can ask question


    LVL 4

    Expert Comment

    Make sure Creater Owner does not have delete ability just modify.  

    Featured Post

    PRTG Network Monitor: Intuitive Network Monitoring

    Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

    Join & Write a Comment

    Organizations create, modify, and maintain huge amounts of data to help their businesses earn money and generally function.  Typically every network user within an organization has a bit of disk space to store in process items and personal files.   …
    Many of us need to configure DHCP server(s) in their environment. We can do that simply via DHCP console on server or using MMC snap-in on each computer with Administrative Tools installed in a network. But what if we have to configure many DHCP ser…
    Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…
    In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…

    754 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    18 Experts available now in Live!

    Get 1:1 Help Now