NTFS, Share Folder and File permissions

Posted on 2010-01-04
Last Modified: 2012-05-08
I'm trying to work out the best file permission settings for the following scenario

I have a folder several levels down which i need to put certain permissions on... - NTFS permission are set to modify as everyone needs access to the folder and to be able to create folders and files within.. this main folder. modify permission are inherited.

they have now asked that anything created within this folder can only be deleted by that person who created it and no one else whilst preserving all other permissions.

can anyone advise which permissions I will need to set to allow/deny to make sure the above criteria is met?


Question by:PlacesForPeople
    LVL 5

    Expert Comment

    LVL 11

    Expert Comment

    by:Jon Winterburn
    If the Modify permission is inherited, then whoever has that Modify permission will be able to Delete the files/folders. Therefore it is not possible for you to change the permissions for the Creator/Owner and still leave the other permissions intact because you'd have to remove the inherited permissions of Modify for other users, else they will be inherited. Does that make sense?

    Alternatively you could add Everyone to the folders in question (leaving the inherited Modify intact) and then set Deny for Everyone, add the Creator Owner and set Allowed for that. That should work.

    See the File and folder special permissions grid here:
    LVL 38

    Accepted Solution

    Correct jonathen, the thing to remember with Share and NTFS permissions is that they work together, the most restrictive setting is the one that is used... so I've found it best to set share permissions to Everyone Full Control and then use NTFS permissions for the actual ACL's.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    How your wiki can always stay up-to-date

    Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
    - Increase transparency
    - Onboard new hires faster
    - Access from mobile/offline

    Email attacks are the most efficient and effective way for cyber criminals and hackers to compromise a computer or network. We often find our-self second guessing the authenticity of an email message, for such instances we can follow practical princ…
    Even if you have implemented a Mobile Device Management solution company wide, it is a good idea to make sure you are taking into account all of the major risks to your electronic protected health information (ePHI).
    In this first video of the three-part Xpdf series, we introduce and describe Xpdf, a library containing nine command line utilities that perform various functions on PDF files. We show where the library is located and how to download it, discuss its…
    This video Micro Tutorial is the second in a two-part series that shows how to create and use custom scanning profiles in Nuance's PaperPort 14.5 ( But the ability to create custom scanning profiles a…

    779 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    13 Experts available now in Live!

    Get 1:1 Help Now