

Restrict domain users from deleting a shared file or folder

Posted on 2006-04-25
Medium Priority
Last Modified: 2010-04-18
Hello, everybody!
Recently we had an incident with involuntary deleting of 800MB from MS Server 2003 by a domain user. We have a drive with NTFS which is shared for domain users and they should be able to create, read, write, modify files and folders, but not delete them. I have tried denying file or folder delete through the Security tab, but then users can't modify. My idea was to deny only deleting of files, and if some user non-accidentally wants to delete a file or folder - just to rename it with 4 zeros in front. Then at the end of the day an automatic script will run which will search for files and folders beginning with 4 zeros and delete them. Yes but NO, denying a file delete automatically denies file rename.
Please give me advice on how to prevent domain users from accidentally deleting files from this drive, and at the same time to have all file/folder functionality.
10x a lot in advance!
Question by: mi6o

Accepted Solution

fahhudi earned 375 total points
ID: 16540107
Hi mi6o,
You can deny deleting files and allow modify, but at the same time you will be denied renaming them (rename = delete).

From the Security tab click on the "Advanced" button, choose the user, click Edit, and then change the "Delete" permission.

Thanks & Best Regards

Expert Comment

ID: 16542060
Before everything you have to think about the following options with NTFS permissions:

1) Is this going to be done at folder level or file level?
2) Users can add a file but cannot delete?
3) Allow the owner to delete files, or the owner also cannot delete? But I recommend the owner can delete files.

Before configuring this setup, test it with another normal XP workstation (with NTFS).
I will assume the administrator has full control.

Create a folder named "test 1" on XP.

Folder properties > Security > Advanced > untick "inherit from the parent ..." > click Copy > next remove all users and groups except Administrators and Domain Users (if Domain Users is not available then add Domain Users).

domain user does not have full control of modify control

With the above setup only the owner can delete documents (but others cannot modify).

But I think modify permission is needed for all domain users (otherwise the sharing concept will not take effect).

Using "special permissions" you can finish your request:
click the Advanced tab, select Domain Users > Edit > tick Deny "delete subfolder and file".

To check this setup for users you can use "effective permissions".

NTFS permissions are a little bit complex, but you can ask questions.



Expert Comment

ID: 16559293
Make sure Creator Owner does not have delete ability just modify.
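
The permission change described in the answers above (untick inheritance, copy the entries, then deny "Delete" and "Delete subfolders and files" for the group), scripted in PowerShell as an added example that is not part of the original thread. The test folder path and the `BUILTIN\Users` group are placeholders standing in for the shared folder and Domain Users.

```powershell
# Added example, not from the thread. Run against a test folder first.
# Assumptions: $Path and $Group are placeholders for your share and "DOMAIN\Domain Users".
$Path  = Join-Path $env:TEMP 'test 1'          # constructed test folder
$Group = 'BUILTIN\Users'                       # stand-in for Domain Users

New-Item -ItemType Directory -Path $Path -Force | Out-Null
$acl = Get-Acl -Path $Path

# Same as unticking "inherit from the parent" and clicking Copy:
# block inheritance but keep the inherited entries as explicit ones.
$acl.SetAccessRuleProtection($true, $true)

# Deny "Delete" and "Delete subfolders and files" on this folder,
# its subfolders and its files.
$rights  = [System.Security.AccessControl.FileSystemRights]'Delete, DeleteSubdirectoriesAndFiles'
$inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$prop    = [System.Security.AccessControl.PropagationFlags]::None
$type    = [System.Security.AccessControl.AccessControlType]::Deny
$deny    = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule `
                      -ArgumentList $Group, $rights, $inherit, $prop, $type
$acl.AddAccessRule($deny)
Set-Acl -Path $Path -AclObject $acl

# Audit: list every entry that carries a delete right.
# Modify and Full Control both include Delete, so they show up here.
# Inherit-only entries such as CREATOR OWNER are often stored as the raw
# GENERIC_ALL value (0x10000000, displayed as 268435456), which also
# implies delete, so the mask checks that bit as well.
$mask = [int]$rights -bor 0x10000000
(Get-Acl -Path $Path).Access |
    Where-Object { ([int]$_.FileSystemRights -band $mask) -ne 0 } |
    Sort-Object AccessControlType -Descending |
    Format-Table IdentityReference, AccessControlType, FileSystemRights, IsInherited -AutoSize
```

A Deny entry takes precedence over Allow entries for every member of the group, including administrators who belong to it. To remove the test folder afterwards, take the entry out first with `$acl.RemoveAccessRule($deny)` followed by `Set-Acl`.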
