Avoid deleting folders and files on a network share / Not able to save Excel files. Error message: cannot save the “file name”, the folder is marked as read only.

I am trying to accomplish the following task

1) Prevent users from deleting and moving folders and files on a network share on a Windows platform with a Dell server running SBS 2003 Service Pack 2; all the clients are XP Professional with Service Pack 2.

They should be able to do everything with the exception of moving folders, because folders on that share always get moved and lost by mistake by the users. I have already created the group, and denied Delete and Delete Subfolders and Files.

This option is not working for me because it has side effects; allow me to explain.

Once the deny Delete and Delete Subfolders is applied:

1) Users cannot delete files and folders – first task accomplished.

2) Users cannot move a folder into another folder – second task accomplished at 50%, because a message displays "access denied", which is what I want, but it creates an empty folder with the same name as the source folder inside the destination folder. This folder cannot be deleted and creates confusion for the users, and they start filing in the wrong location. How could the creation of an empty folder at the destination folder be avoided?

With files it works beautifully: access denied, and that is it.

3) My main concern now is that all the files created under the share folder respond to the deny option with the exception of Excel. It displays an error message: cannot save the “file name”, the folder is marked as read only.

4) Users cannot move or delete files inside the share, but they can create copies on their desktops – for security, could this be controlled?

Thanks in advance
Rich Rumble (Security Samurai) Commented:
The delete permission is so that the "temporary file" that Word/Excel create when you open a doc can be deleted after you close the doc.
http://support.microsoft.com/kb/211632/EN-US/ (same for Excel)
M$ assumes you're going to make nightly back-ups of important files, as well as turn up the Auditing/event log settings.
First ... some background

When you share file and folder resources you have two levels of permissions. The first level is the share-level permissions. The second is the NTFS-level permissions. When you share a folder, the most restrictive one will apply. Say, for instance, you have read-only share permission but full-access NTFS permissions for everyone; when that resource is accessed through the network, it would still be READONLY.

A best practice is to specify full access for "Authenticated Users" for the share permissions and restrict rights locally, using NTFS permissions. I can point you at the moment to two reasons why doing so is better:

1. It's easier, as you would focus on NTFS permissions only
2. It's easier to debug/troubleshoot problems
3. It's more secure
4. You are both restricting network access and local access (imagine if you didn't do so: you would, for instance, specify read-only for userx, but then, if userx gets physical access to the actual server, he/she will be able to access the files/folders).

Now, back to your problem

To deny deleting/moving files and folders, assign the "modify" permission accordingly. Another thing with Office files is to make sure you don't have the same file open by another user or process.

Let me know how it goes ...

musiquito2001 (Author) Commented:
Don Rafael Acc;

Thanks for replying to my message. I have already tried your suggestion and it is not working. This is the scenario:

At the share level, Full Control to "Authenticated Users"; at the NTFS level I have granted:

Read & execute
List folder contents

Special permissions = go to the Advanced tab and:

Deny             Delete subfolders and files
Deny             Delete

To the Authenticated Users.

This combination works fine so far for Microsoft Word; however, it fails when I try to create and save other types of files like Excel, and I just noticed that PowerPoint also behaves the same way. The error message is:

The file "name of the file.ppt" already exists. Do you want to replace existing file

Yes No

I select Yes

A message appears: the folder is marked as read only


I do invite you to try it: just create a folder on your desktop and apply those settings to your account and you will see.

There must be a solution.

I wonder where the problem resides, and if there is another way to achieve the task, which is:

Prevent all users from moving files and folders that they create on a network share. It just happened again: a user has deleted an Excel file with the master calculation. My boss is on my butt. I need to fix this situation ASAP.

Any suggestion is well appreciated





I don't need to test it. I do this on a regular basis. You must be missing something and unfortunately, by not being there, I can't really provide you an "out of the box" solution to your problem. However, I will try to go through this with you and see what else I can do to help you.

1. Could you please make sure you don't have that folder/files marked as read-only??
2. Does this problem happen with MS Office files only or any other files as well?

To do that, you should right-click on the folder and check the General tab. Look for the ReadOnly attribute ... Is it checked?

musiquito2001 (Author) Commented:

Hi Rafael;

To answer your question.

1. Could you please make sure you don't have that folder/files marked as read-only??

I have already tried it out using the administrator account and owner of the folder: removed the read-only attribute and applied it to all folders, subfolders and files. Clicked OK.


2. Does this problem happen with MS Office files only or any other files as well?

So far only with Excel and PowerPoint file extensions.

I have tried with all other formats, Word, bitmap, JPEG, etc., and it works fine.

If you want, I could accommodate you and allow you to connect remotely and take a look. If it is possible, of course, we could make an appointment.

Please advise



Just le
I'm not sure if I'm breaking any rules of this site by doing this, but if you could manage to give remote access, I could at least take a look. However, since this is happening with some MS Office files only, all I can think of at the moment is that this could be an issue with Office files actually and not permissions related ...

On my website (which can be found in my profile's page) you can find my email address in case you want to get a more personalised advice.

Rich Rumble (Security Samurai) Commented:
>I'm not sure if I'm breaking any rules of this site by doing this but if you could manage to give remote access
   You would be breaking the MA/EULA, please don't proceed down that path.

Since you're using 2003, hopefully SP1... if you don't want users to view folders or files they are not supposed to have access to, try this utility from M$, for 2003, SP1

These are the rights required to have M$ Office files operate properly
musiquito2001 (Author) Commented:

Hi Rich;

Thanks for the input,

The first link is for the M$ utility, which is fine, but at the present time it is not needed.

The second link is the one that I am interested in: the rights required to have M$ Office files operate properly.

However, it is the same link as the first one, pointing to the download of the M$ utility.

Can you please send me the correct one? I would appreciate it.



Rich Rumble (Security Samurai) Commented:
musiquito2001 (Author) Commented:


Look what I found on the Microsoft web site. According to this I need to allow the DELETE permission. This situation is contradictory, because with that permission the user will be able to move the file and delete it as well. It brings me back to square 1. I wonder how Microsoft deals with this type of situation; there must be a way. I do what that the files on the network share are not protected. I don't know what to do. Any suggestion?

Restricted permissions
When you save an Excel file to a network drive, you must have the following permissions to the folder where you are saving the file:

• Read permissions
• Write permissions
• Rename permissions
• Delete permissions
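
The conflict discussed in this thread can be reproduced with a small model. This is an added example, not code from any participant or from Microsoft: it is a simplified access model (deny overrides allow, and network access must pass both the share and NTFS checks), and the temp-file save steps are an assumption based on the temporary-file behaviour and the permission list quoted above.

```python
# Added illustration: a simplified model of Windows access checks, not real NTFS APIs.
READ, WRITE, DELETE, DELETE_CHILD = "read", "write", "delete", "delete_child"
FULL = {READ, WRITE, DELETE, DELETE_CHILD}

def ntfs_effective(aces):
    """aces is a list of (kind, rights); a deny entry overrides any allow entry."""
    allowed, denied = set(), set()
    for kind, rights in aces:
        (denied if kind == "deny" else allowed).update(rights)
    return allowed - denied

def network_effective(share_rights, aces):
    """Over the network a right must pass both the share and the NTFS check."""
    return set(share_rights) & ntfs_effective(aces)

def first_blocked_step(steps, rights):
    """Return the first step whose required right is missing, or None if all pass."""
    for step, needed in steps:
        if needed not in rights:
            return step
    return None

# Overwriting the existing file directly only needs write access.
IN_PLACE_SAVE = [("write data to existing file", WRITE)]

# Assumed save-through-temp-file sequence: rename and delete both need the delete right.
TEMP_FILE_SAVE = [
    ("create temp file in folder", WRITE),
    ("write data to temp file", WRITE),
    ("delete original file", DELETE),
    ("rename temp file to original name", DELETE),
]

# Constructed ACL resembling the thread: allow read/write, deny both delete rights.
DENY_DELETE_ACL = [("allow", {READ, WRITE}), ("deny", {DELETE, DELETE_CHILD})]

def demo():
    rights = network_effective(FULL, DENY_DELETE_ACL)
    return {
        "effective": sorted(rights),
        "in_place": first_blocked_step(IN_PLACE_SAVE, rights),
        "temp_file": first_blocked_step(TEMP_FILE_SAVE, rights),
        "read_only_share": sorted(network_effective({READ}, [("allow", FULL)])),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```

In this model the in-place save passes while the temp-file save stops at the delete step, which is why denying Delete and allowing such a save cannot both hold on the same folder.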