Avatar of Ess Kay
Ess Kay
Flag for United States of America asked on

windows folder permissions: deny delete - allow rename

i have a server with a shared folder on windows server 2005
(see picture)
i set delete to disallow, how do i allow people to rename folders and files without allowing them to delete files and folders


the people who use this are not tech savvy, so it must only be done by IT department, not a workaround by the user.

thanks in advance

permissions

http:#a38180491
Windows OSStorage HardwareNetwork Management

Avatar of undefined
Last Comment
Qlemo

8/22/2022 - Mon
ASKER CERTIFIED SOLUTION
karephre

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
Ess Kay

ASKER
I understand the above method does not work. I am not asking why


QUESTION is: how to do this.
SOLUTION
MidnightOne

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
SOLUTION
Log in to continue reading
Log In
Sign up - Free for 7 days
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
Ess Kay

ASKER
that wont be an issue.we dont have melicius users, just illitirate ones
Ess Kay

ASKER
I've requested that this question be closed as follows:

Accepted answer: 0 points for esskayb2d's comment #38059802

for the following reason:

Customer is right. please answer the question, not debate it:)
I started with Experts Exchange in 2004 and it's been a mainstay of my professional computing life since. It helped me launch a career as a programmer / Oracle data analyst
William Peck
MidnightOne

Question was answered. OP doesn't like the answer of "you can't do that".
MidnightOne

Actually, "You can't do that" is a valid answer.

**Edited text to remove off-topic comments** -JARmod101
SOLUTION
Log in to continue reading
Log In
Sign up - Free for 7 days
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
Ess Kay

ASKER
I am looking for something like


1st Security - which I used in the past

it is a 3rd party application which can restrict access. I have not tested it with networks which is why I ask in this payed forum from professionals.

**Edited text to remove off-topic comments** -JARmod101
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
Ess Kay

ASKER
I contest your opinion JARmod101.

with the example that I have give, it CAN be done. I have used that program on individual computers years ago.
Just because the 3 people responding do not know any solution for it does not mean it does not exist.

Please allow me to close this and open a fresh question
Ess Kay

ASKER
Perhaps there is a way to delete a file only after it has been coppied
Alan Hardisty

That might work for a folder, but not for a file.

The only way that would work is to submit a request to someone with permissions to be able to delete the file and get them to do it, or get someone to write a script to be able to achieve this with the relevant permissions.

Either way - your question has been answered and should be closed, awarding points to the Experts who advised you that this can't be done accordingly.

If you want to open up a new question and ask for someone to help you to devise such a script to get around the NTFS limitations of renaming a file, then that would be the appropriate action to take and then you can add the question to the correct zones.

Alan
Experts Exchange has (a) saved my job multiple times, (b) saved me hours, days, and even weeks of work, and often (c) makes me look like a superhero! This place is MAGIC!
Walt Forbes
Ess Kay

ASKER
The question was: "how do i allow people to rename folders and files without allowing them to delete files and folders"

Not how do i do this using windows native commands or functions.

This has not been answered
SOLUTION
Log in to continue reading
Log In
Sign up - Free for 7 days
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
SOLUTION
Log in to continue reading
Log In
Sign up - Free for 7 days
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
Ess Kay

ASKER
Maybe if i add a scenario and rephrase the question this will help.

We have Techs bring their cameras with jobsite photos to the SHOP computer(s).
(Sometimes the photos are a month old or more)

the folders on the photo server have a heirarchy which looks like this
//Photos / y / m / d / job / empl / picture.ext
IE:
2010
2011
2012
 -jan
 -feb
 -...
 -july
    --01
    --02
       ---workorder 123456
       ------employee 336
                    ---picture1.jpg
                    ---picture2.jpg
                    ---picture3.jpg

when an employee comes they should not be able to delete older photos


when they create a new folder however, it is always titled 'New Folder'
and must be renamed accordingly to the tech's name, date, etc...


How can this be done
Alan Hardisty

If the employee is the one denied the Delete File / Folder permissions, then the employee is not going to be able to rename the New Folder - end of story.

If you get someone without the Deny Delete permission to Create and Rename the folder, then the employee can use the relevant folder after it has been renamed accordingly.

This will involve two people.  One with Delete File / Folder permissions and the employee without.  No other way around it if you deny employees the ability to delete files / folders.

Perhaps you can have an area where employees CAN delete files / folders and then once they have uploaded the photos, the files are copied to the area where the Employees can't delete the Files / Folders?
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
Ess Kay

ASKER
it has to be one person doing it. they are understaffed. there is also no onsite IT
Alan Hardisty

Okay - then for the umpteenth time - it can't be done.
Ess Kay

ASKER
I understand that it is problematic. if it was easy i would of had it done myself by now.


this site is for solutions.

i want  a "Solution"  

 I cannot accept 'dont add security' as a solution

The issue arrises when techs delete the folders
there are up to 80 techs a day uploading pictures
for mutiple jobsites. We cannot trust each one to be loyal or smart
Your help has saved me hundreds of hours of internet surfing.
fblack61
Alan Hardisty

It isn't problematic - it is impossible.

You can't do what you want to do and that is something you need to come to terms with.

Whilst you may not accept that this is a solution, as far as Experts Exchange is concerned, that is the solution.  "It cannot be done" is and always has been a valid solution and as such, this question should be closed accordingly awarding points to the experts who advised you that it can't be done.

You can rephrase the question, ask it in a different way, whatever you wish to try and find a different answer, but the answer is always going to be the same - it isn't possible.

I have told you this, Lee has told you this, the Moderators have told you this, other Experts have told you this - the only one here not accepting this is you.

What is it going to take for you to take this on board?
David Johnson, CD

then give each tech an individual dedicated folder to upload the pictures and YOU can run can batch job to move them into a folder that the techs do not have delete permissions. This batch job can be automated with task scheduler.
Ess Kay

ASKER
An alternative solution. Something that will enforce a sort of security.

Is there a way to restricdelete on older files
Example: files or forder created older than one day ago
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
David Johnson, CD

no again you can't do that.. just do what I suggested, and give everyone that doesn't need to modify files just READ access to the photo library.
Ess Kay

ASKER
@ve3ofa
1st suggestion:  I have thought of that, but as you can see in the outlined list above, there are too many folders. techs with bad memory will forget which folders they uploaded yesterday or last week.
i have proposed this idea months ago, it does not suit the situation.


2nd suggestion:  Shop computers are all always logged into a user named SHOP
Techs have no personal access to the network. The computers stay on, they connect the camers via usb or chip readers.
Also, techs come and go like revolving doors. adding new users for techs will be a full time job in itself.




Sorry for the frustration guys, but how long has it been since someone really picked your brain?

If it was an easy task, I would not poste it. As you can see by my profile, I only ask hard stumping questions


i do think that your first suggestion is the best I seen so far. Most others here are not acting professionally. Thanks for your suggestions ve3ofa
David Johnson, CD

Either way have them upload the pictures to a different folder and not THE PICTURE LIBRARY and have this filemover move the files as their uploaded (again using task scheduler and a bit of scripting.. make a folder on the deskop "upload photos here"
Experts Exchange is like having an extremely knowledgeable team sitting and waiting for your call. Couldn't do my job half as well as I do without it!
James Murphy
Ess Kay

ASKER
Its a good concept and would work for 'todays workorders' since they can all be dumped inone folder.

What of people who have a week worth of pics
David Johnson, CD

how would they have them organized on their thumb drive? They could double click on the icon which would give them an explorer window and they could do as per normal and drag and drop as they are used to..  remember this is just going to a temporary staging area..  every so often the task will wake up and clean up the folder .. say every 5 minutes or you could make a simple app that has a big "done" button, you could even ask for the date / job number /location etc.. and make the directories for them..  once the "done' button is done then the files are moved into the photo library.
Ess Kay

ASKER
Ill give you an example where this seems tough

John Doe has been taking pictures 4 days
His camera has several workorders
These pics should be sent to these folders:
C:/2012/12/30/98881 MCds/john doe/
C:/2012/12/31/98881 MCds/john doe/
C:/2012/12/30/98882 hsbc/john doe/
C:/2013/01/01/98881 cvs/john doe/
C:/2013/01/01/98885 wallmart/john doe/
C:/2013/01/02/98887 bmw/john doe/
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
Ess Kay

ASKER
Each folder holds 14-30 pictures

also.  The people working are physical labor tech not IT people. (Plumbers, construction, drivers, electricians.. etc)
David Johnson, CD

What is it Estimated Completion Date\ordernumber\contractname\contractor

And the tradesperson is supposed to remember which picture goes where after being in the field for a few days??  picture using camera or phone (or whatever they have onhand?) :->
Ess Kay

ASKER
Theres paperwork that says when they been to a jobsite, and all photos have timestamps on them
This is the best money I have ever spent. I cannot not tell you how many times these folks have saved my bacon. I learn so much from the contributors.
rwheeler23
Ess Kay

ASKER
If the paper said they fixed homedepot on the 3rd between 7-10 and the pics have a matching time and date, thats the folder they go into
Ess Kay

ASKER
The directory is like this drive:/yr/mo/day/workorder#&location/techname/

Folders get created by the tech. Sometimes techs dont take photos because there are 20 techs working, so generating empty folders is not practical
MidnightOne

This whole mess you're outlining is avoidable. Here's the issues I see from what you've described so far:
Every tech and contractor is doing their own thing with regard to file and folders.
Users are sharing accounts.
You need to protect already-uploaded files from deletion
The folder structure is a mess.

So, one solution isn't going to fit.
First off, stop using shared accounts. They remove all accountability. Yes, it's a PITA to create new accounts all the time. Too bad.
Second, have a process in place for the contractors and techs and follow it. People who don't get written up and let go as needed.
Third, you need to analyze the folder structure and get it into some kind of order. I'd recommend WorkOrder > YYYYMMDD only. Techname and location should be readily available through a central workorder DB anyway.
Fourth: Get SharePoint. It'll make managing this a hell of a lot easier for those on the road by requiring only an internet connection and browser. Additionally, you should be using a scripted solution to move the files around, likely outside of normal business hours.
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
Ess Kay

ASKER
The folder system works better than wo-->yymmdd

Because, if they need to see work done last tuesday it will be in  c:/ 2012/june/23
Ess Kay

ASKER
custom accounts will not work. There is one computer with 20 people standing around uploading pictures between jobs sometimes. There is no time to log on and logg off
MidnightOne

I would suggest then within the parameters you've outlined, there is no solution. This is as good as it's going to get.
All of life is about relationships, and EE has made a viirtual community a real community. It lifts everyone's boat
William Peck
David Johnson, CD

All you can do is use a custom app or script that will move the files from the 'staging' area  (as I  mentioned in #38181178) into your protected area. Other than that I see no solution
Ess Kay

ASKER
So, if no one knows, id like to close this with no answer
Ess Kay

ASKER
I've requested that this question be closed as follows:

Accepted answer: 0 points for esskayb2d's comment #38197085

for the following reason:

No one can help
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
MidnightOne

Multiple people have been helping with what's turned into multiple questions in a single already-answered one (to which the answer was, "You can't do that"), only to get the answer back from OP "I don't want to do that".

I recommend delete with no refund.
David Johnson, CD

concur
Ess Kay

ASKER
Thats not a solution
I started with Experts Exchange in 2004 and it's been a mainstay of my professional computing life since. It helped me launch a career as a programmer / Oracle data analyst
William Peck
Ess Kay

ASKER
I think it can be done somehow, and dont want to mark off the wrong answer.

I mean securing a network cant be done is absurd
David Johnson, CD

According to the research, the demand actually cannot be done with NTFS File system. If a user want to rename a folder, he/she should have the "Delete" NTFS permission on the folder or file. Removing delete permission from the user or group brings a limitation that the user will not be able to rename the folder. This is because of the reason that the "rename" operation is also included within the "Delete" permission, which is by design.

It is possible if you add Owner Rights as well as the user, then that user can create and delete there own files but not others. You have to enable modify on Owner Rights.
Source
The problem is that creating users and having users logon /logoff is too much of a problem for your site. This site restriction lowers the security by a thousand fold.

Security and ease of use have always been inversely related to each other.. the more you increase one the more you decrease the other.
Ess Kay

ASKER
What would you do if you were in my case.

Folder structure has to stay since it is most descriptive and practical for the client.

Techs are not users, so they use a single user
If they ever get on the network. Though sometimes they email the pictures and an office staff user will upload it to the folder.


I like the idea of uploading to a temp folder (v3, then having it moved to the protected directory.  The problem is figuring to which folder it will be loaded
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
MidnightOne

What would you do if you were in my case.

I would:

Listen to the consensus opinion that has citations that it is correct.
Listen to the considered opinions that says you need different users to allow other solutions to work.
Listen to the technical experts when they advise you're doing it wrong.


That is what I would do.
Ess Kay

ASKER
There's over 3 million pictures already there. With workorders from 2006

Changing the layout is crazy and harder to find things by date
Alan Hardisty

Solution 1 - it isn't possible.
Response 1 - I don't accept that as a solution.

Solution 2 - Change the way you do things presently.
Response 2 - That's crazy as we have over 3 million pictures.

Solution 3 - Accept that you might have got this wrong from the beginning and that you might need to start again, doing it properly this time around and then you might just have a solution that will work.
Response 3 - Okay - I'll take that on board and run with it because it might just be the only way to get this working in the specific way that I want it to?

Or am I being a little optimistic here?  But then again - what do we know?  We are only Experts!
Experts Exchange has (a) saved my job multiple times, (b) saved me hours, days, and even weeks of work, and often (c) makes me look like a superhero! This place is MAGIC!
Walt Forbes
Alan Hardisty

On a slightly less sarcastic note, why don't you try to setup what has been suggested for new jobs and run with it to see if it works.  If it does, then you can implement it permanently and massage the old photos into the new structure.

If it doesn't work, then you only have to massage a few folders into your existing structure and either give up on the solution, or continue searching for a different solution, knowing that you may never find one.
Ess Kay

ASKER
I think its talks like these... where the real solutions are born

Does anyone program in assembly? I may have an idea how to fix this
Ess Kay

ASKER
hypothetical, but I suppose the name is coded into the folder, which takes up parts of the folder header

so when you rename, if it doesnt erase, it will write over data

which is why it must be erased and copied back with the new name

as below

problem with renaming folder without delete

so, with some assebly manipulation , we can change the name to something with delete disabled,
as long as the new name has less bytes than the old one
..by replacing the bytes to display the proper letters of the name
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
Qlemo

Viewing this from the "use a temp folder and a script" viewpoint, it should be possible to translate any (temporary) folder structure containing all relevant infos, but being easier to create, into the appropriate structure already existing. For example, a temp folder could be

\Uploads
  \Worker1
    \yyyymmdd\location
  \Worker2

aso., or any variation, e.g. first location, or the date as  yyyy-Mon-dd, or whatever. The script to transfer data could be triggered by the worker or on schedule.
If you want to go that route, you should post a new question in the Scripting subtopic areas. Make sure to properly state the limitations and options (like whether PowerShell, VB Script etc. are options).