?
Solved

Help Preventing Root Folder Deletion Using NTFS

Posted on 2014-07-28
6
Medium Priority
?
747 Views
Last Modified: 2014-07-29
I am working on setting up a new Filer Server using Server 2012.  My folder structure is as follows:

- Data
   - Departments
      - IT
      - HR

Using the HR folder as an example, I want to give a group of users permissions to create / modify folders and files within the HR folder.  However, I do not want to allow this group to be able to delete the top-level HR folder by mistake.  

I am unsure how to go about this with the proper NTFS permissions.  Your help is appreciated!
0
Comment
Question by:csimmons1324
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
6 Comments
 
LVL 16

Accepted Solution

by:
Joshua Grantom earned 2000 total points
ID: 40225046
For the HR folder, Under Security > Advanced > Change Permissions > Make sure they do not have Full Control, Delete, Change Permissions, or Take Ownership. That should allow them to create and modify within the HR folder but not delete the HR folder itself.

You also have to make sure that the User group does not have permission on the parent folder to "Delete Subfolders and Files". If they do, it will override and they will be able to delete it.
0
 
LVL 16

Expert Comment

by:Joshua Grantom
ID: 40225066
Here is a good reference for Advanced Permissions

http://www.ntfs.com/ntfs-permissions-file-advanced.htm
0
 

Author Comment

by:csimmons1324
ID: 40225248
Joshua,

The user group did not have full control, change permissions or take ownership permissions.  However, on the HR folder the group did have Delete permissions on This folder, subfolders and files.  So I removed the Delete permission from the group and did some testing.

Test User1 was able to created folders and files within the HR folder.  Test User1 could delete the folders and files that he created.  Test User1 could not delete the HR folder.

Test User2 could also create folders and files within the HR folder.  However, Test User2 could not delete the subfolders or files that were created by Test User1.  This is a problem as anyone in the group should be able to create / modify / delete files and folders with the HR folder.

I went back into the permissions of the HR folder and enabled Delete subfolders and files for the HR folder and applied it to this folder, subfolders and files.  This allowed Test User2 to delete files and folders created by Test User1.  

If I am not mistaken, I believe that I now have the permissions set appropriately.
0
Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

 
LVL 16

Expert Comment

by:Joshua Grantom
ID: 40225255
Yes you are correct. What I meant by parent folder was the Departments folder. On Departments, you had to make sure that "Delete Subfolders and Files" was not selected for that group.

It was just a precaution to look for.
0
 
LVL 16

Expert Comment

by:Joshua Grantom
ID: 40225289
csimmons1324,

I'm glad I could help!
0
 
LVL 16

Expert Comment

by:Joshua Grantom
ID: 40225422
Don't forget to mark a solution if you feel a have helped you solve your issue! Thanks
0

Featured Post

Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, I was assigned the task of performing a hardware refresh in the datacenter. The previous Windows 2008 systems were connected to the SAN via fiber channel HBA’s and among other thing, had PowerPath installed in order to provide sufficient f…
OfficeMate Freezes on login or does not load after login credentials are input.
In this Micro Tutorial viewers will learn how they can get their files copied out from their unbootable system without need to use recovery services. As an example non-bootable Windows 2012R2 installation is used which has boot problems.
This tutorial will walk an individual through the process of installing the necessary services and then configuring a Windows Server 2012 system as an iSCSI target. To install the necessary roles, go to Server Manager, and select Add Roles and Featu…
Suggested Courses

764 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question