NTFS Permissions - Create Files/Folder no delete

Goal: Allow a group to create files & folders in a share, but do not allow them to delete files or subdirectories (even ones they created).

Issue: unless they have "delete" they cannot rename the files/folders.  Apparently the rename option does not really allow them to rename unless delete is checked.  If they have delete they can delete their own items they've created and we don't want that.

Tested the Share rights with both:  Read/Modify and read only
NTFS permissions: all except delete, delete files and folders, change permissions, and take ownership.  Given this, the user is supposed to be able to rename files/folders.

Observed: "delete" must be checked to rename files/folders on the share.

Is this the way it works or am I missing something?

katfpiAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Hypercat (Deb)Commented:
Just tested this on my system and you are correct.  Apparently, removing Delete and Delete Files and Folders from the NTFS permissions prevents changing the file/folder name.  Weird....BTW, just so you know, if you check both of these items, you also can't move a file/folder, so this must be the same issue.  I guess renaming the folder must trigger a background copy / paste with new name / delete original folder action.  I know this is what move does - the background action is really to copy the original folder / delete the original folder / paste the copy into the new location.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
mikeleebrlaCommented:
no you are not missing anything.  As long as a user has 'modify' rights (which most will have so they can edit files) then they can also delete them (and also move them elsewhere by the way).  That is just the way the OS is designed.  Wierd i know.


>>(even ones they created).
if they created it, then they are the 'owner' and can do whatever they please.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Server OS

From novice to tech pro — start learning today.