• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 148
  • Last Modified:

How do I stop a directory from being deleted, but allow files to be deleted.

Hi.

I have a script which takes files from a folder and puts them into an archive based upon the date and time (that's the basics).

If the folder does not exist it is created.

The file is available to users to amend.

Ideally, I'd like to not allow them to be able to delete the file, but unfortunately, the tool used to amend the file, creates a temp file, deletes the existing file and then renames the temp file to the original filename as its "save amended" data method.

Is there a command I can issue which will only allow the creator and domain admins the ability to delete the folders that have been created.

The command will be incorporated into the script.

The script file is a BAT/CMD and is run unattended.

Alternatively, is there something I can do to the root of the folders which propogates down the folder chain for all existing and new folders so that only domain admins and the creator can delete the folder.

This must not interfere with file permissions.

Thanks in advance,

Richard Quadling
0
Richard Quadling
Asked:
Richard Quadling
  • 3
  • 2
1 Solution
 
matrixnzCommented:
Within NTFS Security Permissions for a folder -  Advanced - if you select the Domain Users or the Group you wish to apply Security filtering and click Edit you get a whole subset of allowed/disallowed switches including denying deleting the folder.

Hope that helps.

Cheers
0
 
Richard QuadlingSenior Software DeverloperAuthor Commented:
Aren't Domain/Admins also Domain/Users?

If I deny delete to Domain/Users, won't Domain/Admins also not be able to delete?
0
 
matrixnzCommented:
No you have two separate groups Domain Admins and Domain Users, members of the Domain Admin Group should only be privledge users like the Domain Administrator etc.. these Users wouldn't/shouldn't be made members of the Domain Users Group.

Cheers
0
 
Richard QuadlingSenior Software DeverloperAuthor Commented:
Ha. All our admins are ALSO domain users.

Ah.

Just looking at AD.

All the admins are in their own AD group.

The user group is called "Our Users". Those are the people I want to not allow delete rights to.
0
 
Richard QuadlingSenior Software DeverloperAuthor Commented:
Thanks.
0

Featured Post

2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now