Solved

Help Preventing Root Folder Deletion Using NTFS

Posted on 2014-07-28
6
689 Views
Last Modified: 2014-07-29
I am working on setting up a new Filer Server using Server 2012.  My folder structure is as follows:

- Data
   - Departments
      - IT
      - HR

Using the HR folder as an example, I want to give a group of users permissions to create / modify folders and files within the HR folder.  However, I do not want to allow this group to be able to delete the top-level HR folder by mistake.  

I am unsure how to go about this with the proper NTFS permissions.  Your help is appreciated!
0
Comment
Question by:csimmons1324
  • 5
6 Comments
 
LVL 16

Accepted Solution

by:
Joshua Grantom earned 500 total points
ID: 40225046
For the HR folder, Under Security > Advanced > Change Permissions > Make sure they do not have Full Control, Delete, Change Permissions, or Take Ownership. That should allow them to create and modify within the HR folder but not delete the HR folder itself.

You also have to make sure that the User group does not have permission on the parent folder to "Delete Subfolders and Files". If they do, it will override and they will be able to delete it.
0
 
LVL 16

Expert Comment

by:Joshua Grantom
ID: 40225066
Here is a good reference for Advanced Permissions

http://www.ntfs.com/ntfs-permissions-file-advanced.htm
0
 

Author Comment

by:csimmons1324
ID: 40225248
Joshua,

The user group did not have full control, change permissions or take ownership permissions.  However, on the HR folder the group did have Delete permissions on This folder, subfolders and files.  So I removed the Delete permission from the group and did some testing.

Test User1 was able to created folders and files within the HR folder.  Test User1 could delete the folders and files that he created.  Test User1 could not delete the HR folder.

Test User2 could also create folders and files within the HR folder.  However, Test User2 could not delete the subfolders or files that were created by Test User1.  This is a problem as anyone in the group should be able to create / modify / delete files and folders with the HR folder.

I went back into the permissions of the HR folder and enabled Delete subfolders and files for the HR folder and applied it to this folder, subfolders and files.  This allowed Test User2 to delete files and folders created by Test User1.  

If I am not mistaken, I believe that I now have the permissions set appropriately.
0
Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

 
LVL 16

Expert Comment

by:Joshua Grantom
ID: 40225255
Yes you are correct. What I meant by parent folder was the Departments folder. On Departments, you had to make sure that "Delete Subfolders and Files" was not selected for that group.

It was just a precaution to look for.
0
 
LVL 16

Expert Comment

by:Joshua Grantom
ID: 40225289
csimmons1324,

I'm glad I could help!
0
 
LVL 16

Expert Comment

by:Joshua Grantom
ID: 40225422
Don't forget to mark a solution if you feel a have helped you solve your issue! Thanks
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I don't know if many of you have made the great mistake of using the Cisco Thin Client model with the management software VXC. If you have then you are probably more then familiar with the incredibly clunky interface, the numerous work arounds, and …
You might have come across a situation when you have Exchange 2013 server in two different sites (Production and DR). After adding the Database copy in ECP console it displays Database copy status unknown for the DR exchange server. Issue is strange…
In this Micro Tutorial viewers will learn how to use Windows Server Backup to create full image of their system. Tutorial shows how to install Windows Server Backup Feature on Windows 2012R2 and how to configure scheduled Bare Metal Recovery backup.…
This tutorial will walk an individual through the process of installing the necessary services and then configuring a Windows Server 2012 system as an iSCSI target. To install the necessary roles, go to Server Manager, and select Add Roles and Featu…

861 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

24 Experts available now in Live!

Get 1:1 Help Now