Solved

NTFS Permissions - Create Files/Folder no delete

Posted on 2007-03-19
2
2,771 Views
Last Modified: 2013-12-05
Goal: Allow a group to create files & folders in a share, but do not allow them to delete files or subdirectories (even ones they created).

Issue: unless they have "delete" they cannot rename the files/folders.  Apparently the rename option does not really allow them to rename unless delete is checked.  If they have delete they can delete their own items they've created and we don't want that.

Tested the Share rights with both:  Read/Modify and read only
NTFS permissions: all except delete, delete files and folders, change permissions, and take ownership.  Given this, the user is supposed to be able to rename files/folders.

Observed: "delete" must be checked to rename files/folders on the share.

Is this the way it works or am I missing something?

0
Comment
Question by:katfpi
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 38

Accepted Solution

by:
Hypercat (Deb) earned 25 total points
ID: 18750709
Just tested this on my system and you are correct.  Apparently, removing Delete and Delete Files and Folders from the NTFS permissions prevents changing the file/folder name.  Weird....BTW, just so you know, if you check both of these items, you also can't move a file/folder, so this must be the same issue.  I guess renaming the folder must trigger a background copy / paste with new name / delete original folder action.  I know this is what move does - the background action is really to copy the original folder / delete the original folder / paste the copy into the new location.
0
 
LVL 25

Assisted Solution

by:mikeleebrla
mikeleebrla earned 25 total points
ID: 18750864
no you are not missing anything.  As long as a user has 'modify' rights (which most will have so they can edit files) then they can also delete them (and also move them elsewhere by the way).  That is just the way the OS is designed.  Wierd i know.


>>(even ones they created).
if they created it, then they are the 'owner' and can do whatever they please.
0

Featured Post

Free Tool: Postgres Monitoring System

A PHP and Perl based system to collect and display usage statistics from PostgreSQL databases.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Case Summary: In this Article we introduce the new method to configure the default user profile using Automated profile copy with sysprep rather than the old ways such as the manual copy of a configured profile to default user profile Old meth…
Remote Desktop Protocol or RDP has become an essential tool in many offices. This article will show you how to set up an external IP to point directly to an RDP session. There are many reasons why this is beneficial but perhaps the top reason is con…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

740 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question