Modify but not delete permissons

Posted on 2007-10-09
Last Modified: 2013-12-04

I am having a specific issue with regards to granting permissions on an NTFS shared drive on our server. We are currently moving towards EDM, and so needed to create a file storage structure for users to store all documents on specific clients in particular folders. We need users of these directories to be able to add documents, edit documents, add folders, and change the names of both files and folders. The only permission we don't want to grant is the ability to delete folders or files.

Now i thought this would be fairly trivial, as we already had all the permissions groups created, and i thought all we would need to do is edit the advanced NTFS permissions for this group and deny the "delete" and "delete subfolders & files" permissions. I have done this, and true enough deletion is denied, but when i create a new folder for example, i can not name this folder.

I do understand that there may be issues with users who try to execute MS documents straight from the archive, as the application won't be able to delete the temporary files created. If this is the case then i may have to draft policy on managing and editing these documents, but not being able to name or rename files or folders is particularly frustrating as i need the users to take some responsibility for creating some of the lower level file structures as an ongoing improvement process.

This is really strange to me as the write permissions, in fact all other permissions, are allowed - so i can't see why this doesn't work.

Any help again muchly appreciated, thanks for all your time in advance.

Question by:liam79
    LVL 4

    Accepted Solution

    In NTFS-land, removing the Delete permission prevents a user from renaming the file/directory. If you grant Modify permission, this includes delete which then allows renaming.

    To sum it up, you cannot deny Delete if you want them to be able to rename. That's NTFS for you.
    LVL 4

    Expert Comment

    (As an aside, this is probably rooted in the fact that renaming is seen as 'deleting' the old file - if you don't want someone to delete a particular file, it would stand to reason that you don't want them renaming it either... if I have Document1.doc and want to prevent deletion, someone could rename it to config.sys and it may as well be deleted as far as the rest of the world is concerned.)

    Author Comment

    Terrible news. Thanks very much though, especially the follow comment explaining the logic :)

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    IT, Stop Being Called Into Every Meeting

    Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

    This is a guide to the following problem (not exclusive but here) on Windows: Users need our support and we supporters often use global administrative accounts to do this. Using these accounts safely is a real challenge. Any admin who takes se…
    As a Mac user and former AppleCare AHA & Senior Advisor, I'm constantly bombarded with questions about Macs and if they need Antivirus. This short article is my response to those questions.
    This video is in connection to the article "The case of a missing mobile phone (". It will help one to understand clearly the steps to track a lost android phone.
    Here's a very brief overview of the methods PRTG Network Monitor ( offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

    759 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    11 Experts available now in Live!

    Get 1:1 Help Now