Restricting user file permissions

Is it possible to restrict users ability to move/delete FOLDERS only for a top-level directory? Users move/delete items from time to time and it can be a little hard to detect.

Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Patrick BogersDatacenter platform engineer LindowsCommented:

This can be done but is tricky to get it working properly.
The trick is to disable the cut/paste option in advanced security but remain the read/write and modify option. (where applicable)
Restricting a folder is quite a impossible task. Its only been done like at the case that allows a user to not grant a permission. If you want to restrict a particular folder then only thing can be done is to dont authorize the permission to them.

Another options would be like Create a level such as

Level 1 & 2 - Admin Group - Write, Modify, Read, etc. Users - Read, List Folder Contents, Read and execute

Bottom levels - Users - add Write and Modify permissions.

You can add permissions at the lower levels w/ no problems. Taking away permissions at lower levels is where you have to remove the inheritance and then copy permissions, then remove what you don't want.


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Smith and AndersenCommented:
I have the same issue with my users..accidental copy and pasting folders into other folders.
My file system is like this
Cad(root shared folder)

Folder share=everyone full access
NTFS perms on the root folder= Traverse, list folder, read att, read ext att and read permissions ntfs perms

year folders(1965-2013)=Traverse, list folder, read att, read ext att and read permissions ntfs perms

project folders=Traverse, list folder, read att, read ext att and read permissions ntfs perms

My users have modify perms on all subfolder below projects.
ABE is enabled so that if a user isnt in a group that has access to the folders they dont see the folders
medium_gradeAuthor Commented:
Thank you all for your help! I think between modifying advanced permissions and some 3rd party software, we can accomplish what we want.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.