Solved

Help Preventing Root Folder Deletion Using NTFS

Posted on 2014-07-28
6
702 Views
Last Modified: 2014-07-29
I am working on setting up a new Filer Server using Server 2012.  My folder structure is as follows:

- Data
   - Departments
      - IT
      - HR

Using the HR folder as an example, I want to give a group of users permissions to create / modify folders and files within the HR folder.  However, I do not want to allow this group to be able to delete the top-level HR folder by mistake.  

I am unsure how to go about this with the proper NTFS permissions.  Your help is appreciated!
0
Comment
Question by:csimmons1324
  • 5
6 Comments
 
LVL 16

Accepted Solution

by:
Joshua Grantom earned 500 total points
ID: 40225046
For the HR folder, Under Security > Advanced > Change Permissions > Make sure they do not have Full Control, Delete, Change Permissions, or Take Ownership. That should allow them to create and modify within the HR folder but not delete the HR folder itself.

You also have to make sure that the User group does not have permission on the parent folder to "Delete Subfolders and Files". If they do, it will override and they will be able to delete it.
0
 
LVL 16

Expert Comment

by:Joshua Grantom
ID: 40225066
Here is a good reference for Advanced Permissions

http://www.ntfs.com/ntfs-permissions-file-advanced.htm
0
 

Author Comment

by:csimmons1324
ID: 40225248
Joshua,

The user group did not have full control, change permissions or take ownership permissions.  However, on the HR folder the group did have Delete permissions on This folder, subfolders and files.  So I removed the Delete permission from the group and did some testing.

Test User1 was able to created folders and files within the HR folder.  Test User1 could delete the folders and files that he created.  Test User1 could not delete the HR folder.

Test User2 could also create folders and files within the HR folder.  However, Test User2 could not delete the subfolders or files that were created by Test User1.  This is a problem as anyone in the group should be able to create / modify / delete files and folders with the HR folder.

I went back into the permissions of the HR folder and enabled Delete subfolders and files for the HR folder and applied it to this folder, subfolders and files.  This allowed Test User2 to delete files and folders created by Test User1.  

If I am not mistaken, I believe that I now have the permissions set appropriately.
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 16

Expert Comment

by:Joshua Grantom
ID: 40225255
Yes you are correct. What I meant by parent folder was the Departments folder. On Departments, you had to make sure that "Delete Subfolders and Files" was not selected for that group.

It was just a precaution to look for.
0
 
LVL 16

Expert Comment

by:Joshua Grantom
ID: 40225289
csimmons1324,

I'm glad I could help!
0
 
LVL 16

Expert Comment

by:Joshua Grantom
ID: 40225422
Don't forget to mark a solution if you feel a have helped you solve your issue! Thanks
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I don't know if many of you have made the great mistake of using the Cisco Thin Client model with the management software VXC. If you have then you are probably more then familiar with the incredibly clunky interface, the numerous work arounds, and …
What to do when Windows Update is not working correctly? What tools can I use to detect the cause of the malfunction problem? What does this numeric error code mean? These and other questions that you have been asking in the past are answered here (…
In this Micro Tutorial viewers will learn how they can get their files copied out from their unbootable system without need to use recovery services. As an example non-bootable Windows 2012R2 installation is used which has boot problems.
In this Micro Tutorial viewers will learn how to use Boot Corrector from Paragon Rescue Kit Free to identify and fix the boot problems of Windows 7/8/2012R2 etc. As an example is used Windows 2012R2 which lost its active partition flag (often happen…

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question