How can I prevent users from renaming a folder?

Posted on 2012-03-28
Medium Priority
Last Modified: 2012-06-27

I am looking for a solution where I can prevent users from renaming a folder name. I don't mind if the folder gets deleted because I trust that the users know what the folder is for and won't delete it, plus I already know how to prevent it from being deleted.

The folder is hard-coded on a fax machine which sends scanned documents to this location. If it is renamed, then the scanning process will not work.

I just want to know how to control folder renaming on its own. Users should still be able to read/write/delete folders and files as normal.

I hope I have provided enough information on the problem, but feel free to ask for more on this.
Question by:stvmph
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions

Author Comment

ID: 37779923
I have looked at other topics but they don't give me the answer I am looking for.
LVL 21

Assisted Solution

motnahp00 earned 400 total points
ID: 37779955
If a user has read and write permissions on your top level folder, the can pretty much do what they want. Why not use a group policy to create a folder with a specified name at logon? So if the user renames the folder, it will always be recreated.

User Configuration -> Preferences -> Windows Settings -> Folders

Assisted Solution

lucifer82 earned 800 total points
ID: 37780036
Hi stvmph,

I have a potential solution for you as I do this practise when I setup new sites all the time.

1. Each user will have their own folder so eg.

User_Folders (root)
- User1 < this folder name should be same with username for user 1
- User 2 < this folder name should be same with username for user 2

2. You create service account that your MFD will use to scan eg. scanner

3. This scanner user has full rights to each folders, you than make sure that each user folders is only accessable by administrator, scanner and the user who needs to access they can all have full rights.

4. This is the trick part you create the "User_Folders" as hidden share with "Everyone" with full control. As for the security rights on this folder it should be:

Scanner - Modify
Administrators - FULL
Users - Read Only

5. Once that's done first verify that you can still scan to the folder.
6. After the verification you create a mapped drive policy to map drive "S" to each user by their username.

eg. \\YOURSERVER\User_Folders$\%USERNAME%\

*YOURSERVER < this is hostname or ip address of your file server
*$ sign at the end of the share name means it's hidden share
*%USERNAME% < This automatically works out your username this is used

This way user doesn't get to browse the upper layer in order to delete this folder, instead they only have mapped drive with all of their scan items.
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

LVL 28

Assisted Solution

Run5k earned 400 total points
ID: 37780043
The simple solution would be to ensure that your people are Standard users, and then modify the NTFS permissions on the folder so that only System account and the Administrators group have full control.  In contrast, Users and Authenticated users can have Read & execute, List folder contents, and Read permissions.

Assisted Solution

Praveenraj04 earned 400 total points
ID: 37780399
Hi Friend,

There is a option in NTFS Permission in Advanced Tab to Uncheck the Modify Option.

Please check the below link for more infomation:


Enable the Allow for the Following
Read & Execute
and Make sure MODIFY is unchecked for Allow and Deny leave it blank and you should be good.

Please check and revert to me if you have any queries.

P. Praveen Raj

Accepted Solution

stvmph earned 0 total points
ID: 37784968
I have figured out what the problem is to this was. Let me paint a picture for you. The FTP server that the scanner can connect to is pointed at the P drive. There are already heaps of folders in P drive.

In the permissions for P drive, the "Everyone" group/user is set to Full Control. Therefore, all users are able to rename the scanner folder I was trying to prevent from being renamed.

However, I did make a subfolder within the scanner folder which I pointed the scanner to scan to directly. And through testing with a generic user account, I managed to prevent this folder from being renamed using permissions.

Now I know that if the upper level folder gets renamed, the problem still exists, but at least I know now how to prevent renaming.

Here's what I did. Let's say the directory is: P:\scanner\scans and there is a "Sales" security group.

In the scanner folder, I went to "Advanced", "Change Permissions", and unticked "Include inheritable permissions from the object's parent". I added in the IT group and the scanner user with "Full Control" access.

I then added the "Sales" group in twice. The first time I added them in was with "Traverse folder / execute file" and "List folder / read data" for "This folder only". The second time I added them in was with read/write/delete for "Subfolders and files only".

I tested with a generic account in the "Sales" group and they were unable to rename the "scans" folder and everything within the "scanner" folder. But inside the "scans" folder, they can do whatever they want.

I have found the solution even though the problem still exists, but that is not something we're willing to look at at this stage. As far as points go, all of you had various ideas that got to me my final solution but not exactly what I ended up doing.

motnahp00, you made me realise my P drive had full control set.
lucifer82, you had a near perfect solution however users already have P drive mapped so I couldn't hide it from them
Run5k, you had the right idea but I needed write permissions for the standard users as well
Praveenraj04, you were on the right track but it wasn't as simple as that.

I'm going to split the points accordingly amongst all of you.

Thanks for the help.

Author Closing Comment

ID: 37800061
I didn't get the full solution from the other experts but good hints.

Featured Post

Enroll in August's Course of the Month

August's CompTIA IT Fundamentals course includes 19 hours of basic computer principle modules and prepares you for the certification exam. It's free for Premium Members, Team Accounts, and Qualified Experts!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When you start your Windows 10 PC and got an "Operating system not found" error or just saw  "Auto repair for startup" or a blinking cursor with black screen. A loop for Auto repair will start but fix nothing.  You will be panic as there are no back…
Assume you have an outside contractor who comes in seasonally or once a week to do some work in your office, but you only want to give him access to the programs and files he needs and keep all other documents and programs private. Can you do this o…
This Micro Tutorial will give you a basic overview of Windows DVD Burner through its features and interface. This will be demonstrated using Windows 7 operating system.
The viewer will learn how to successfully download and install the SARDU utility on Windows 7, without downloading adware.
Suggested Courses
Course of the Month12 days, 15 hours left to enroll

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question