• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 33
  • Last Modified:

Controlling Directory access on a Windows Server

We have a Windows 2012 R2 server into which people can log in with their ID using Remote Desktop.
They log in to run various batch files and executables.  These program depend on certain files being in certain locations.
Some people are accidentally (I think) removing or renaming directories.
Is it possible to allow people to create, but not delete or rename existing directories?  The program people run are to ingest and reformat data, so it can be sent to our online database.  They do not remove or rename directories.
  • 2
1 Solution
CESNetwork AdministratorCommented:
You could try making the directories read only as long as they don't need to write to the same location.
AlHal2Author Commented:
They do need to write to the same location.
> Is it possible to allow people to create, but not delete or rename existing directories?

Do this on desired directories.
Note: Try on a test directory first to confirm confidence.

  1. Make sure user/group is not a member of a group in the list that has modify (or higher) rights. Else these steps don't work. Example: If inheritance is on and user/group is in Domain Users and Domain Users currently shows in the list, you'll need to remove inheritance first. Then remove Domain Users. Then do the steps and add Domain Users back in.
  2. Add the user.
  3. Change permissions to Modify.
  4. OK.
  5. Advanced.
  6. Change permissions.
  7. Double-click user.
  8. Change to "This folder only"
  9. Clear Delete box.
  10. OK to close dialog.
  11. Apply.
  12. Add.
  13. Add same user.
  14. Change to "Subfolders and files only".
  15. Pick Full Control. This puts checks in all the other boxes.
  16. Clear Full Control, Change Permissions, and Take Ownership.
  17. OK to close all dialogs.
AlHal2Author Commented:
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now