Solved

NTFS Permissions - Create Files/Folder no delete

Posted on 2007-03-19
2
2,772 Views
Last Modified: 2013-12-05
Goal: Allow a group to create files & folders in a share, but do not allow them to delete files or subdirectories (even ones they created).

Issue: unless they have "delete" they cannot rename the files/folders.  Apparently the rename option does not really allow them to rename unless delete is checked.  If they have delete they can delete their own items they've created and we don't want that.

Tested the Share rights with both:  Read/Modify and read only
NTFS permissions: all except delete, delete files and folders, change permissions, and take ownership.  Given this, the user is supposed to be able to rename files/folders.

Observed: "delete" must be checked to rename files/folders on the share.

Is this the way it works or am I missing something?

0
Comment
Question by:katfpi
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 38

Accepted Solution

by:
Hypercat (Deb) earned 25 total points
ID: 18750709
Just tested this on my system and you are correct.  Apparently, removing Delete and Delete Files and Folders from the NTFS permissions prevents changing the file/folder name.  Weird....BTW, just so you know, if you check both of these items, you also can't move a file/folder, so this must be the same issue.  I guess renaming the folder must trigger a background copy / paste with new name / delete original folder action.  I know this is what move does - the background action is really to copy the original folder / delete the original folder / paste the copy into the new location.
0
 
LVL 25

Assisted Solution

by:mikeleebrla
mikeleebrla earned 25 total points
ID: 18750864
no you are not missing anything.  As long as a user has 'modify' rights (which most will have so they can edit files) then they can also delete them (and also move them elsewhere by the way).  That is just the way the OS is designed.  Wierd i know.


>>(even ones they created).
if they created it, then they are the 'owner' and can do whatever they please.
0

Featured Post

Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The question has been asked on multiple occasions as to how best to do printing in a remote desktop or terminal services environment.   It seems that this particular question has plagued several people and most especially as Terminal Services, as…
On a regular basis I get questions about slow RDP performance, RDP connection problems, strange errors and even BSOD, remote computers freezing or restarting after initiation of a remote session. In a lot of this cases the quick solutions made b…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question