How do I stop a directory from being deleted, but allow files to be deleted.

Posted on 2007-08-06
Last Modified: 2013-12-04

I have a script which takes files from a folder and puts them into an archive based upon the date and time (that's the basics).

If the folder does not exist it is created.

The file is available to users to amend.

Ideally, I'd like to not allow them to be able to delete the file, but unfortunately, the tool used to amend the file, creates a temp file, deletes the existing file and then renames the temp file to the original filename as its "save amended" data method.

Is there a command I can issue which will only allow the creator and domain admins the ability to delete the folders that have been created.

The command will be incorporated into the script.

The script file is a BAT/CMD and is run unattended.

Alternatively, is there something I can do to the root of the folders which propogates down the folder chain for all existing and new folders so that only domain admins and the creator can delete the folder.

This must not interfere with file permissions.

Thanks in advance,

Richard Quadling
Question by:RQuadling
    LVL 29

    Accepted Solution

    Within NTFS Security Permissions for a folder -  Advanced - if you select the Domain Users or the Group you wish to apply Security filtering and click Edit you get a whole subset of allowed/disallowed switches including denying deleting the folder.

    Hope that helps.

    LVL 40

    Author Comment

    Aren't Domain/Admins also Domain/Users?

    If I deny delete to Domain/Users, won't Domain/Admins also not be able to delete?
    LVL 29

    Expert Comment

    No you have two separate groups Domain Admins and Domain Users, members of the Domain Admin Group should only be privledge users like the Domain Administrator etc.. these Users wouldn't/shouldn't be made members of the Domain Users Group.

    LVL 40

    Author Comment

    Ha. All our admins are ALSO domain users.


    Just looking at AD.

    All the admins are in their own AD group.

    The user group is called "Our Users". Those are the people I want to not allow delete rights to.
    LVL 40

    Author Comment


    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    IT, Stop Being Called Into Every Meeting

    Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

    Recently, I read that Microsoft has analysed statistics for their security intelligence report. It revealed: still, the clear majority of windows users do their daily work as administrator. An administrative account is a burden, security-wise. My ar…
    As a Mac user and former AppleCare AHA & Senior Advisor, I'm constantly bombarded with questions about Macs and if they need Antivirus. This short article is my response to those questions.
    how to add IIS SMTP to handle application/Scanner relays into office 365.
    Here's a very brief overview of the methods PRTG Network Monitor ( offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

    737 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    21 Experts available now in Live!

    Get 1:1 Help Now