• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 770
  • Last Modified:

Help Preventing Root Folder Deletion Using NTFS

I am working on setting up a new Filer Server using Server 2012.  My folder structure is as follows:

- Data
   - Departments
      - IT
      - HR

Using the HR folder as an example, I want to give a group of users permissions to create / modify folders and files within the HR folder.  However, I do not want to allow this group to be able to delete the top-level HR folder by mistake.  

I am unsure how to go about this with the proper NTFS permissions.  Your help is appreciated!
0
csimmons1324
Asked:
csimmons1324
  • 5
1 Solution
 
Joshua GrantomSenior EngineerCommented:
For the HR folder, Under Security > Advanced > Change Permissions > Make sure they do not have Full Control, Delete, Change Permissions, or Take Ownership. That should allow them to create and modify within the HR folder but not delete the HR folder itself.

You also have to make sure that the User group does not have permission on the parent folder to "Delete Subfolders and Files". If they do, it will override and they will be able to delete it.
0
 
Joshua GrantomSenior EngineerCommented:
Here is a good reference for Advanced Permissions

http://www.ntfs.com/ntfs-permissions-file-advanced.htm
0
 
csimmons1324IT ManagerAuthor Commented:
Joshua,

The user group did not have full control, change permissions or take ownership permissions.  However, on the HR folder the group did have Delete permissions on This folder, subfolders and files.  So I removed the Delete permission from the group and did some testing.

Test User1 was able to created folders and files within the HR folder.  Test User1 could delete the folders and files that he created.  Test User1 could not delete the HR folder.

Test User2 could also create folders and files within the HR folder.  However, Test User2 could not delete the subfolders or files that were created by Test User1.  This is a problem as anyone in the group should be able to create / modify / delete files and folders with the HR folder.

I went back into the permissions of the HR folder and enabled Delete subfolders and files for the HR folder and applied it to this folder, subfolders and files.  This allowed Test User2 to delete files and folders created by Test User1.  

If I am not mistaken, I believe that I now have the permissions set appropriately.
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 
Joshua GrantomSenior EngineerCommented:
Yes you are correct. What I meant by parent folder was the Departments folder. On Departments, you had to make sure that "Delete Subfolders and Files" was not selected for that group.

It was just a precaution to look for.
0
 
Joshua GrantomSenior EngineerCommented:
csimmons1324,

I'm glad I could help!
0
 
Joshua GrantomSenior EngineerCommented:
Don't forget to mark a solution if you feel a have helped you solve your issue! Thanks
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

  • 5
Tackle projects and never again get stuck behind a technical roadblock.
Join Now