NTFS Permissions to allow delete of file, but not delete of file if done from containing folder

Posted on 2009-03-30
Medium Priority
Last Modified: 2013-12-02
Our file server contains many MS Word and Excel files, which need to be able to be deleted to allow editing. ie temp doc with changes. On save the old file is deleted. The new one is renamed with filename.

I have set for only files to be able to be deleted, but not folders. The issue arises that if someone clicks delete on the folder containing  the files then the files delete until an error pops up when a folder or the containing folder cannot be deleted.
* This also occurs if an accidental drag and drop of a folder is made and contents are moved until a folder that cannot be moved is reached.

 Is there a way to only allow files to be deleted if they are explicitly selected for deletion?
Question by:littlehogarth
  • 2
  • 2
LVL 18

Accepted Solution

BigSchmuh earned 2000 total points
ID: 24062052
You can set NTFS permissions on files depending on the ACL (Access control List is a list of Users, Groups and SpecialSystemComponents and their specific rights on each files/folders)

The user/group/context does not change depending on a "File selection"...so NTFS permissions can NOT DO what you want it to :-(

One smart hack can be to create a zero length hidden non-deletable file named !!!.txt in every folder.
==> ! is ascii (33) and will be moved/deleted at the earliest stage possible...thus blocking every "folder move/deletion"

Author Comment

ID: 24256852
Thanks mate, your hack of using !!!.txt works ok. Trust Microsoft to create file types that need delete capability just to edit. Fits nicely with their NTFS file permissions.

The issue remains that if a user accidently drags a folder (1) and drops it on to another folder (2) then a new folder (copy of 1) is created in folder (2) even though the !!!.txt stops any files from transferring.
Therefore I get:
C:/folder 1/(files)
C:/folder 2/folder 1/(empty)        

Another issue is how to assign permissions to !!!.txt so the owner of the folder can still move the folder.  
LVL 18

Expert Comment

ID: 24258147
Can you write an admin procedure to periodically scan the full drive seeking for :
-empty folders to be deleted (you don't care if this is not a copy because an empty folder is always a very frustrating folder)
-folders without their !!!.txt...assigning specific NTFS permissions (depending on folder owner) to it

Using WSH or VBA or any script based languages would perfectly worked and allow for a basic maintenance.

Author Closing Comment

ID: 31618487
Thanks BigSchmuh. Great suggestions. I'll flex my scripting muscle and see if I can get a positive result.

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Hello, As I have seen there a lot of requests regarding monitoring and reporting for exchange 2007 / 2010 / 2013 I have decided to post some thoughts together and link to articles that have helped me. Of course a lot of information you can get…
In this blog, we’ll look at how improvements to Percona XtraDB Cluster improved IST performance.
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…
In this video, Percona Solutions Engineer Barrett Chambers discusses some of the basic syntax differences between MySQL and MongoDB. To learn more check out our webinar on MongoDB administration for MySQL DBA: https://www.percona.com/resources/we…

607 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question