Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

deny delete folder permissions

Posted on 2011-09-21
9
Medium Priority
?
836 Views
Last Modified: 2012-05-12
I have a folder template structure that is setup for each of my branch offices.  Currently the Root of the folder they only have read permissions to, everything must be placed into a subfolder.  They have Modify rights to the subfolders.  I want to stop them from being able to delete the initial subfolders but still have the ability to create/modify items within them.

I was hoping that the 'Apply these permissions to objects and/or contains within this container only' would solve at least my root folder issue - but that doesn't appear to.

So at the root is *Branch* Data, then it has 7 subfolders.  The Branch Data folder they only have read access to, so they can't put any items into this - everything must be placed within the subfolders.  They have Modify access to the subfolders.

But as mentioned, with those permissions they can delete the initial 7 subfolders.  How can I protect these folders while still allowing them modify rights to files within them?

(yes I know that was a bit redundant)
0
Comment
Question by:americaneldercare
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
9 Comments
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 36573779
Try Denying the Special permission to delete. Or give them the special permissions needed
0
 

Author Comment

by:americaneldercare
ID: 36574432
My apologies for not indicating this, I put special permission 'Deny Delete' to the Root (*Branch* Data) folder then used the 'Apply these permissions to objects and/or contains within this container only' and that did not work.
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 36575283
Are the permissions inherited from the root?
0
Looking for the Wi-Fi vendor that's right for you?

We know how difficult it can be to evaluate Wi-Fi vendors, so we created this helpful Wi-Fi Buyer's Guide to help you find the Wi-Fi vendor that's right for your business! Download the guide and get started on our checklist today!

 

Author Comment

by:americaneldercare
ID: 36575482
I attached a visual hoping that might help a bit as well.  The initial 'Branch Share' has Everyone: Read, Everyone: Deny Delete (apply to container only).  The 7 subfolders inherit those initial permissions, then add on "Branch - modify" (for whomever is in that particular branch).  

I was under the impression that the 'Apply to Container only' would make it so that the Branch Share and the subfolders within it would get the 'Deny: Delete' option.  And since a Deny will overwrite an allow, I thought it would prevent them from deleting the folder even though they do get 'Modify' within the folder.  That however, does not appear to be the case.

In addition (again as I understand it) if I put the same 'Apply to this container only' the Deny Delete to the subfolders it would affect the folder as well as any files within it - thus preventing the users from deleting files directly in that subfolder (subfolder1, 2, and 3 in the attachment).

 Drawing1.pdf
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 36575517
When you have modify they are able to delete this is part of the permission itself there is not way around this but I thought we could pur deny delete folder and subfolder but I guess you can't
0
 
LVL 25

Expert Comment

by:Lionel MM
ID: 36579962
Not sure if this will work -- what if you add deny delete to folder and sub folders to the root directory (*Branch* Data) and apply that to the sud folders too (i.e inherit permissions) and then allow the modify right on the sub folders.
0
 

Accepted Solution

by:
americaneldercare earned 0 total points
ID: 36582309
I appear to have found the right combination of permissions.  For some reason the 'everyone' group doesn't appear to work.  But by using 'Domain Users' I was able to do DENY 'Delete' but ALLOW 'Delete subfolders and files'.

Without using the Allow they wouldn't have permission to delete subfolders/files (even though it wasn't denied).  But by using those two in combination it appears to have accomplished my need.

I have applied those permissions (individually) to each of the subfolders I don't want to be deleted.
0
 

Author Comment

by:americaneldercare
ID: 36582422
add on to that, preventing a subfolder of a subfolder from being deleted appears to be an issue.  But the initial 7 I can lock using this method.

I am still trying to figure out how to lock the other folders.

Ultimately, I am looking for a method of preventing a folder from being deleted while still allowing full access to its conents.  if anyone has a better method...
0
 

Author Closing Comment

by:americaneldercare
ID: 36895860
""
0

Featured Post

Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

What monsters are hiding in your child's room? In this article I will share with you a tech horror story that could happen to anyone, along with some tips on how you can prevent it from happening to you.
Tech spooks aren't just for those who are tech savvy, it also happens to those of us running a business. Check out the top tech spooks for business owners.
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…
In a question here at Experts Exchange (https://www.experts-exchange.com/questions/29062564/Adobe-acrobat-reader-DC.html), a member asked how to create a signature in Adobe Acrobat Reader DC (the free Reader product, not the paid, full Acrobat produ…

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question