?
Solved

deny delete folder permissions

Posted on 2011-09-21
9
Medium Priority
?
827 Views
Last Modified: 2012-05-12
I have a folder template structure that is setup for each of my branch offices.  Currently the Root of the folder they only have read permissions to, everything must be placed into a subfolder.  They have Modify rights to the subfolders.  I want to stop them from being able to delete the initial subfolders but still have the ability to create/modify items within them.

I was hoping that the 'Apply these permissions to objects and/or contains within this container only' would solve at least my root folder issue - but that doesn't appear to.

So at the root is *Branch* Data, then it has 7 subfolders.  The Branch Data folder they only have read access to, so they can't put any items into this - everything must be placed within the subfolders.  They have Modify access to the subfolders.

But as mentioned, with those permissions they can delete the initial 7 subfolders.  How can I protect these folders while still allowing them modify rights to files within them?

(yes I know that was a bit redundant)
0
Comment
Question by:americaneldercare
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
9 Comments
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 36573779
Try Denying the Special permission to delete. Or give them the special permissions needed
0
 

Author Comment

by:americaneldercare
ID: 36574432
My apologies for not indicating this, I put special permission 'Deny Delete' to the Root (*Branch* Data) folder then used the 'Apply these permissions to objects and/or contains within this container only' and that did not work.
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 36575283
Are the permissions inherited from the root?
0
Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

 

Author Comment

by:americaneldercare
ID: 36575482
I attached a visual hoping that might help a bit as well.  The initial 'Branch Share' has Everyone: Read, Everyone: Deny Delete (apply to container only).  The 7 subfolders inherit those initial permissions, then add on "Branch - modify" (for whomever is in that particular branch).  

I was under the impression that the 'Apply to Container only' would make it so that the Branch Share and the subfolders within it would get the 'Deny: Delete' option.  And since a Deny will overwrite an allow, I thought it would prevent them from deleting the folder even though they do get 'Modify' within the folder.  That however, does not appear to be the case.

In addition (again as I understand it) if I put the same 'Apply to this container only' the Deny Delete to the subfolders it would affect the folder as well as any files within it - thus preventing the users from deleting files directly in that subfolder (subfolder1, 2, and 3 in the attachment).

 Drawing1.pdf
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 36575517
When you have modify they are able to delete this is part of the permission itself there is not way around this but I thought we could pur deny delete folder and subfolder but I guess you can't
0
 
LVL 25

Expert Comment

by:Lionel MM
ID: 36579962
Not sure if this will work -- what if you add deny delete to folder and sub folders to the root directory (*Branch* Data) and apply that to the sud folders too (i.e inherit permissions) and then allow the modify right on the sub folders.
0
 

Accepted Solution

by:
americaneldercare earned 0 total points
ID: 36582309
I appear to have found the right combination of permissions.  For some reason the 'everyone' group doesn't appear to work.  But by using 'Domain Users' I was able to do DENY 'Delete' but ALLOW 'Delete subfolders and files'.

Without using the Allow they wouldn't have permission to delete subfolders/files (even though it wasn't denied).  But by using those two in combination it appears to have accomplished my need.

I have applied those permissions (individually) to each of the subfolders I don't want to be deleted.
0
 

Author Comment

by:americaneldercare
ID: 36582422
add on to that, preventing a subfolder of a subfolder from being deleted appears to be an issue.  But the initial 7 I can lock using this method.

I am still trying to figure out how to lock the other folders.

Ultimately, I am looking for a method of preventing a folder from being deleted while still allowing full access to its conents.  if anyone has a better method...
0
 

Author Closing Comment

by:americaneldercare
ID: 36895860
""
0

Featured Post

Get real performance insights from real users

Key features:
- Total Pages Views and Load times
- Top Pages Viewed and Load Times
- Real Time Site Page Build Performance
- Users’ Browser and Platform Performance
- Geographic User Breakdown
- And more

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
With the rising number of cyber attacks in recent years, keeping your personal data safe has become more important than ever. The tips outlined in this article will help you keep your identitfy safe.
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
Suggested Courses

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question