Click here to get back home

Prevent folder deletion
 HomeNewsGroups | Search | About
Login Password
Register Now!
 microsoft.public.windows.server.security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content
Subject Author Date
Prevent folder deletion Arnaud Lesauvage 10-24-2007
Posted by Arnaud Lesauvage on October 24, 2007, 8:27 am
Please log in for more thread options
 Hi group !

I am sure this question will sound stupid, but how can I prevent users from
deleting *folders* ?
I have a DFS share using replication.
I gave everyone full access to this share.
I want the users to be able to create and delete files wherever they are in this
share, but I want to forbid folder deletion.
I have tried to just check "disallow" in front of "delete" in the ACL of the
root folder and apply to "this folder and subfolders", but when I do that I can
still delete any subfolder.
What is the right setting for this ?

Thanks a lot !
--
Arnaud

Posted by S. Pidgorny on October 25, 2007, 4:46 am
Please log in for more thread options
 The first thing that comes to mind is - deny deleting subfolders and files
from the parent folder, and remove delete permission from the folder itself.
That works for me here.

--
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-

* http://sl.mvps.org * http://msmvps.com/blogs/sp *

> Hi group !
>
> I am sure this question will sound stupid, but how can I prevent users
> from deleting *folders* ?
> I have a DFS share using replication. I gave everyone full access to this
> share.
> I want the users to be able to create and delete files wherever they are
> in this share, but I want to forbid folder deletion.
> I have tried to just check "disallow" in front of "delete" in the ACL of
> the root folder and apply to "this folder and subfolders", but when I do
> that I can still delete any subfolder.
> What is the right setting for this ?
>
> Thanks a lot !
> --
> Arnaud



Posted by Arnaud Lesauvage on October 26, 2007, 2:28 am
Please log in for more thread options
S. Pidgorny <MVP> a écrit :
> The first thing that comes to mind is - deny deleting subfolders and files
> from the parent folder, and remove delete permission from the folder itself.
> That works for me here.
>

Thanks for your answer.
I finally managed to prevent deletion of any folder in the tree behind the root,
but the problem is that now any folder created is created with a "New folder"
name.
After searching on net I found out that renaming a folder was equivalent for the
OS to a deletion/recreation, and that one needed delete rights to do that.
That's quite bad because I want my users to be able to create folders (without
going into a command prompt and typing some "md ..." command).

Any workaround for that ?

Regards
--
Arnaud

Posted by S. Pidgorny on October 28, 2007, 6:07 am
Please log in for more thread options
Arnaud - think of folders as files containing information about other files.
You either allow changing their contents, or not.

If users can rename subfolders and files, they would be able to delete
those.

--
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-

* http://sl.mvps.org * http://msmvps.com/blogs/sp *

> S. Pidgorny <MVP> a écrit :
>> The first thing that comes to mind is - deny deleting subfolders and
>> files from the parent folder, and remove delete permission from the
>> folder itself. That works for me here.
>>
>
> Thanks for your answer.
> I finally managed to prevent deletion of any folder in the tree behind the
> root, but the problem is that now any folder created is created with a
> "New folder" name.
> After searching on net I found out that renaming a folder was equivalent
> for the OS to a deletion/recreation, and that one needed delete rights to
> do that.
> That's quite bad because I want my users to be able to create folders
> (without going into a command prompt and typing some "md ..." command).
>
> Any workaround for that ?
>
> Regards
> --
> Arnaud



Posted by Arnaud Lesauvage on October 29, 2007, 7:17 am
Please log in for more thread options
S. Pidgorny <MVP> a écrit :
> Arnaud - think of folders as files containing information about other files.
> You either allow changing their contents, or not.
>
> If users can rename subfolders and files, they would be able to delete
> those.
>

Yes, I understand the mechanics of the renaming process, I am just trying to
find a way for my users to create folders with the right name.
It's OK if they can't rename the folder afterwards, but they should be able to
give a name upon creation.

Regards
--
Arnaud

Similar ThreadsPosted
prevent file deletion January 3, 2007, 1:11 pm
Prevent Folder moving July 11, 2005, 9:17 am
prevent access to shared folder when not on a domain computer July 11, 2005, 8:50 pm
W2K3 Server File Deletion From Windows Service August 11, 2006, 4:20 pm
View folder nested in other unviewable folder January 15, 2007, 2:24 pm
failed/successfull audit delete folder and delete file and folder November 15, 2006, 8:12 am
Folder and Sub-folder permissions September 5, 2007, 5:01 pm
Prevent Copying July 6, 2006, 8:28 am
Prevent copying October 6, 2006, 4:50 pm
How to prevent exploits June 23, 2007, 8:26 am

Our other projects:

Art Dolls, Fairies and Mermaids - Sunnyfaces.net

Roy's Linux, Programming and Search Engines messages

1-Script XML SitemapXML Sitemap