Solved

Help Preventing Root Folder Deletion Using NTFS

Posted on 2014-07-28
6
679 Views
Last Modified: 2014-07-29
I am working on setting up a new Filer Server using Server 2012.  My folder structure is as follows:

- Data
   - Departments
      - IT
      - HR

Using the HR folder as an example, I want to give a group of users permissions to create / modify folders and files within the HR folder.  However, I do not want to allow this group to be able to delete the top-level HR folder by mistake.  

I am unsure how to go about this with the proper NTFS permissions.  Your help is appreciated!
0
Comment
Question by:csimmons1324
  • 5
6 Comments
 
LVL 16

Accepted Solution

by:
Joshua Grantom earned 500 total points
ID: 40225046
For the HR folder, Under Security > Advanced > Change Permissions > Make sure they do not have Full Control, Delete, Change Permissions, or Take Ownership. That should allow them to create and modify within the HR folder but not delete the HR folder itself.

You also have to make sure that the User group does not have permission on the parent folder to "Delete Subfolders and Files". If they do, it will override and they will be able to delete it.
0
 
LVL 16

Expert Comment

by:Joshua Grantom
ID: 40225066
Here is a good reference for Advanced Permissions

http://www.ntfs.com/ntfs-permissions-file-advanced.htm
0
 

Author Comment

by:csimmons1324
ID: 40225248
Joshua,

The user group did not have full control, change permissions or take ownership permissions.  However, on the HR folder the group did have Delete permissions on This folder, subfolders and files.  So I removed the Delete permission from the group and did some testing.

Test User1 was able to created folders and files within the HR folder.  Test User1 could delete the folders and files that he created.  Test User1 could not delete the HR folder.

Test User2 could also create folders and files within the HR folder.  However, Test User2 could not delete the subfolders or files that were created by Test User1.  This is a problem as anyone in the group should be able to create / modify / delete files and folders with the HR folder.

I went back into the permissions of the HR folder and enabled Delete subfolders and files for the HR folder and applied it to this folder, subfolders and files.  This allowed Test User2 to delete files and folders created by Test User1.  

If I am not mistaken, I believe that I now have the permissions set appropriately.
0
Complete Microsoft Windows PC® & Mac Backup

Backup and recovery solutions to protect all your PCs & Mac– on-premises or in remote locations. Acronis backs up entire PC or Mac with patented reliable disk imaging technology and you will be able to restore workstations to a new, dissimilar hardware in minutes.

 
LVL 16

Expert Comment

by:Joshua Grantom
ID: 40225255
Yes you are correct. What I meant by parent folder was the Departments folder. On Departments, you had to make sure that "Delete Subfolders and Files" was not selected for that group.

It was just a precaution to look for.
0
 
LVL 16

Expert Comment

by:Joshua Grantom
ID: 40225289
csimmons1324,

I'm glad I could help!
0
 
LVL 16

Expert Comment

by:Joshua Grantom
ID: 40225422
Don't forget to mark a solution if you feel a have helped you solve your issue! Thanks
0

Featured Post

Complete Microsoft Windows PC® & Mac Backup

Backup and recovery solutions to protect all your PCs & Mac– on-premises or in remote locations. Acronis backs up entire PC or Mac with patented reliable disk imaging technology and you will be able to restore workstations to a new, dissimilar hardware in minutes.

Join & Write a Comment

Suggested Solutions

My GPO's made for 2008 R2 servers were not allowing me to RDP into a new 2012 server by default.  That’s why I tried to allow RDP via Powershell, because I could log into a remote shell without further configuration. Below I will describe how I wen…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
In this Micro Tutorial viewers will learn how to use Boot Corrector from Paragon Rescue Kit Free to identify and fix the boot problems of Windows 7/8/2012R2 etc. As an example is used Windows 2012R2 which lost its active partition flag (often happen…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now