How can I prevent users from renaming a folder?


I am looking for a solution where I can prevent users from renaming a folder name. I don't mind if the folder gets deleted because I trust that the users know what the folder is for and won't delete it, plus I already know how to prevent it from being deleted.

The folder is hard-coded on a fax machine which sends scanned documents to this location. If it is renamed, then the scanning process will not work.

I just want to know how to control folder renaming on its own. Users should still be able to read/write/delete folders and files as normal.

I hope I have provided enough information on the problem, but feel free to ask for more on this.
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

stvmphAuthor Commented:
I have looked at other topics but they don't give me the answer I am looking for.
If a user has read and write permissions on your top level folder, the can pretty much do what they want. Why not use a group policy to create a folder with a specified name at logon? So if the user renames the folder, it will always be recreated.

User Configuration -> Preferences -> Windows Settings -> Folders
Hi stvmph,

I have a potential solution for you as I do this practise when I setup new sites all the time.

1. Each user will have their own folder so eg.

User_Folders (root)
- User1 < this folder name should be same with username for user 1
- User 2 < this folder name should be same with username for user 2

2. You create service account that your MFD will use to scan eg. scanner

3. This scanner user has full rights to each folders, you than make sure that each user folders is only accessable by administrator, scanner and the user who needs to access they can all have full rights.

4. This is the trick part you create the "User_Folders" as hidden share with "Everyone" with full control. As for the security rights on this folder it should be:

Scanner - Modify
Administrators - FULL
Users - Read Only

5. Once that's done first verify that you can still scan to the folder.
6. After the verification you create a mapped drive policy to map drive "S" to each user by their username.

eg. \\YOURSERVER\User_Folders$\%USERNAME%\

*YOURSERVER < this is hostname or ip address of your file server
*$ sign at the end of the share name means it's hidden share
*%USERNAME% < This automatically works out your username this is used

This way user doesn't get to browse the upper layer in order to delete this folder, instead they only have mapped drive with all of their scan items.
IT Pros Agree: AI and Machine Learning Key

We’d all like to think our company’s data is well protected, but when you ask IT professionals they admit the data probably is not as safe as it could be.

The simple solution would be to ensure that your people are Standard users, and then modify the NTFS permissions on the folder so that only System account and the Administrators group have full control.  In contrast, Users and Authenticated users can have Read & execute, List folder contents, and Read permissions.
Hi Friend,

There is a option in NTFS Permission in Advanced Tab to Uncheck the Modify Option.

Please check the below link for more infomation:

Enable the Allow for the Following
Read & Execute
and Make sure MODIFY is unchecked for Allow and Deny leave it blank and you should be good.

Please check and revert to me if you have any queries.

P. Praveen Raj
stvmphAuthor Commented:
I have figured out what the problem is to this was. Let me paint a picture for you. The FTP server that the scanner can connect to is pointed at the P drive. There are already heaps of folders in P drive.

In the permissions for P drive, the "Everyone" group/user is set to Full Control. Therefore, all users are able to rename the scanner folder I was trying to prevent from being renamed.

However, I did make a subfolder within the scanner folder which I pointed the scanner to scan to directly. And through testing with a generic user account, I managed to prevent this folder from being renamed using permissions.

Now I know that if the upper level folder gets renamed, the problem still exists, but at least I know now how to prevent renaming.

Here's what I did. Let's say the directory is: P:\scanner\scans and there is a "Sales" security group.

In the scanner folder, I went to "Advanced", "Change Permissions", and unticked "Include inheritable permissions from the object's parent". I added in the IT group and the scanner user with "Full Control" access.

I then added the "Sales" group in twice. The first time I added them in was with "Traverse folder / execute file" and "List folder / read data" for "This folder only". The second time I added them in was with read/write/delete for "Subfolders and files only".

I tested with a generic account in the "Sales" group and they were unable to rename the "scans" folder and everything within the "scanner" folder. But inside the "scans" folder, they can do whatever they want.

I have found the solution even though the problem still exists, but that is not something we're willing to look at at this stage. As far as points go, all of you had various ideas that got to me my final solution but not exactly what I ended up doing.

motnahp00, you made me realise my P drive had full control set.
lucifer82, you had a near perfect solution however users already have P drive mapped so I couldn't hide it from them
Run5k, you had the right idea but I needed write permissions for the standard users as well
Praveenraj04, you were on the right track but it wasn't as simple as that.

I'm going to split the points accordingly amongst all of you.

Thanks for the help.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
stvmphAuthor Commented:
I didn't get the full solution from the other experts but good hints.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows XP

From novice to tech pro — start learning today.