Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

NTFS permissions. Prevent root directory from being deleted.

Posted on 2007-12-02
4
Medium Priority
?
866 Views
Last Modified: 2008-02-01
Hi All,

I'm after your opinions on the following.

I have a folder e:\templates. This folder contains all the word doc templates for the company organised into sub-folders. All the sub-folders and files receive their permissions through inheritance.

There are 2 groups of users for this folder: dlg_templatesREAD and dlg_templatesMODIFY

The dlg_templatesREAD group has the following permission setup.
e:\templates (This folder, sub-folder, files)
dlg_templatesREAD   List Folder Contents
                                  Read

The dlg_templatesMODIFY group need to be to create\edit and delete folders and files except delete the e:\templates root folder. This group has the following permission setup:
e:\templates (This folder)
dlg_templatesMODIFY DENY Delete
e:\templates (This folder, sub-folders, files)
dlg_templatesMODIFY   Modify

I have tested a number of different permission configurations but the above seems to work the best. (I do know that deny is bad practice)

Does anybody have any suggestions?.

Thanks in advance.

0
Comment
Question by:ReefIT
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 25

Expert Comment

by:imitchie
ID: 20393283
That setup looks right based on your requirement. Deny only the single permission "Delete" (current Folder).
0
 

Expert Comment

by:tigs81
ID: 20393608
I would set it up so that both groups have read and excute on This folder, sub-folder, files for the permissions for the e:\templates folder.
Then have setup within the permissions on e:\templates folder
dlg_templatesMODIFY,  give modify permissions on subfolders and files only

this means that there is no deny permission used and also allows users in other groups to be able to delete the e:\templates folder as required eg domain admins, assuming that it is also in the permissions as full control.
0
 
LVL 10

Expert Comment

by:Cro0707
ID: 20393651
Why you don't simple turn off object inherit from parent on e:\templates and set permission manualy?

Hope this help.
0
 
LVL 25

Accepted Solution

by:
imitchie earned 2000 total points
ID: 20393665
My assumption was that the questioner is setting up a root folder, and to give the MODIFY group full permissions on all child folders (which can incidentally be created and deleted at will).  Removing inheritance will be too much of a pain. But to Deny them the one thing they cannot do (delete root) makes the most sense.
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When you upgrade from Windows 8 to 8.1 or to Windows 10 or if you are like me you are on the Insider Program you may find yourself with many 450MB recovery partitions.  With a traditional disk that may not be a problem but with relatively smaller SS…
Citrix XenApp, Internet Explorer 11 set to Enterprise Mode and using central hosted sites.xml file.
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question