deny delete folder permissions

I have a folder template structure that is setup for each of my branch offices.  Currently the Root of the folder they only have read permissions to, everything must be placed into a subfolder.  They have Modify rights to the subfolders.  I want to stop them from being able to delete the initial subfolders but still have the ability to create/modify items within them.

I was hoping that the 'Apply these permissions to objects and/or contains within this container only' would solve at least my root folder issue - but that doesn't appear to.

So at the root is *Branch* Data, then it has 7 subfolders.  The Branch Data folder they only have read access to, so they can't put any items into this - everything must be placed within the subfolders.  They have Modify access to the subfolders.

But as mentioned, with those permissions they can delete the initial 7 subfolders.  How can I protect these folders while still allowing them modify rights to files within them?

(yes I know that was a bit redundant)
americaneldercareAsked:
Who is Participating?
 
americaneldercareConnect With a Mentor Author Commented:
I appear to have found the right combination of permissions.  For some reason the 'everyone' group doesn't appear to work.  But by using 'Domain Users' I was able to do DENY 'Delete' but ALLOW 'Delete subfolders and files'.

Without using the Allow they wouldn't have permission to delete subfolders/files (even though it wasn't denied).  But by using those two in combination it appears to have accomplished my need.

I have applied those permissions (individually) to each of the subfolders I don't want to be deleted.
0
 
Darius GhassemCommented:
Try Denying the Special permission to delete. Or give them the special permissions needed
0
 
americaneldercareAuthor Commented:
My apologies for not indicating this, I put special permission 'Deny Delete' to the Root (*Branch* Data) folder then used the 'Apply these permissions to objects and/or contains within this container only' and that did not work.
0
Protect Your Employees from Wi-Fi Threats

As Wi-Fi growth and popularity continues to climb, not everyone understands the risks that come with connecting to public Wi-Fi or even offering Wi-Fi to employees, visitors and guests. Download the resource kit to make sure your safe wherever business takes you!

 
Darius GhassemCommented:
Are the permissions inherited from the root?
0
 
americaneldercareAuthor Commented:
I attached a visual hoping that might help a bit as well.  The initial 'Branch Share' has Everyone: Read, Everyone: Deny Delete (apply to container only).  The 7 subfolders inherit those initial permissions, then add on "Branch - modify" (for whomever is in that particular branch).  

I was under the impression that the 'Apply to Container only' would make it so that the Branch Share and the subfolders within it would get the 'Deny: Delete' option.  And since a Deny will overwrite an allow, I thought it would prevent them from deleting the folder even though they do get 'Modify' within the folder.  That however, does not appear to be the case.

In addition (again as I understand it) if I put the same 'Apply to this container only' the Deny Delete to the subfolders it would affect the folder as well as any files within it - thus preventing the users from deleting files directly in that subfolder (subfolder1, 2, and 3 in the attachment).

 Drawing1.pdf
0
 
Darius GhassemCommented:
When you have modify they are able to delete this is part of the permission itself there is not way around this but I thought we could pur deny delete folder and subfolder but I guess you can't
0
 
Lionel MMSmall Business IT ConsultantCommented:
Not sure if this will work -- what if you add deny delete to folder and sub folders to the root directory (*Branch* Data) and apply that to the sud folders too (i.e inherit permissions) and then allow the modify right on the sub folders.
0
 
americaneldercareAuthor Commented:
add on to that, preventing a subfolder of a subfolder from being deleted appears to be an issue.  But the initial 7 I can lock using this method.

I am still trying to figure out how to lock the other folders.

Ultimately, I am looking for a method of preventing a folder from being deleted while still allowing full access to its conents.  if anyone has a better method...
0
 
americaneldercareAuthor Commented:
""
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.