I need to better understand NTFS Folder and File permissions so that I can better protect a folder from deletion.
In the uploaded file: "Folder.gif", you can see the contents of the "ITOPS" folder. I hope to use this folder for IT resources (documentation, tools, apps, etc). It contains several "test" folders and files, along with an "SA" (SysAdmin) folder and a "DS" (Desktop Support) folder.
I am using three security groups to control permissions: ITOPS, ITOPS_SA, and ITOPS_DS. Both the ITOPS_SA and ITOPS_DS groups are members of the ITOPS group.
I am also using "ABE" (Access-Based Enumeration) to control what's visible and accessible. The ITOPS_SA group is applied to the SA folder, the ITOPS_DS group is applied to the DS folder, and the ITOPS group is applied to the ITOPS folder. As a result of ABE, "DS" folks can see and access all but the "SA" folder, and "SA" folks can see and access all but the "DS" folder.
What I hope to accomplish is to protect the DS and SA folders from deletion by their respective group members while at the same time keeping the rest of the contents of the ITOPS folder under full control by either group.
I want to make the contents of this folder