Which ACL priviledges to allow add & rename files & folders, but not overwrite or delete.

I'm stuck.  How can I configure Windows permissions to allow and deny the following actions?  I would prefer to not use the "Deny" flags unless I have to.

ALLOWED
Create folder (or subfolder)
Rename folder (or subfolder)
Delete empty folder (nice to have, but optional)
Create file (in a folder or subfolder)
Rename files(in a folder or subfolder)
Read file
Copy file (to another location)
DENIED:
Overwrite file.
Delete file
Change file content.
Append to file.

SPECIAL:
An owner has no additional rights to a file she creates.  (I assume removing CREATOR OWNER from the folder root will accomplish this part).
LarryHennigAsked:
Who is Participating?
 
CrashDummy_MSConnect With a Mentor Commented:
You can't achieve all the goals with NTFS permissions. For all the requirements except blocking overwrite and change content, this should work:

-Full Control
+Traverse Folder/Execute File
+List Folder/Read Data
+Read Attributes
+Read Extended Attributes
+Create Files/Write Data
-Create Folders/Append Data
+Write Attributes
+Write Extended Attributes
-Delete
+Read Permissions
-Change Permissions
-Take Ownership
0
 
LarryHennigAuthor Commented:
Thanks.  I'll give it a try!
0
 
LarryHennigAuthor Commented:
I have THREE times accepted ChrashDummy's answer as the solution, but it is not taking effect.
0
 
LarryHennigAuthor Commented:
CrashDummy's answer worked for me.
0
All Courses

From novice to tech pro — start learning today.