Re: NT File Security

From: Karl Levinson [x y] mvp (levinson_k@excite.com)
Date: 11/19/02 

From: "Karl Levinson [x y] mvp" <levinson_k@excite.com>
Date: Tue, 19 Nov 2002 13:49:22 -0500

"Les H" <les@rbbaker.com> wrote in message
news:985801c28ff6$cd94e810$89f82ecf@TK2MSFTNGXA01...
> Anyone know how to give Full access to a group or user
> for a directory but at the same time prevent anyone but
> admins from renaming, moving or deleting the directory.
> Novell, for example, has a neat feature called "Delete
> Inhibit" that disallows the above from happening...

Yes, sort of. First, make sure you do not give any untrusted users "Full"
access to the folder or files. Doing this permits them to change
permissions on the folder and increase their permissions. Similarly, also
make sure the users are not in the Administrators or Domain Admins groups,
for the same reason. It might be a good idea to look at who is listed as
the owners of those files or folders, since I believe an owner can reset
permissions.

Next, you can go into the "Advanced" button to see and remove certain
permissions such as Delete. However, this will cause error messages when
opening the files using Microsoft Office programs like MS Word, and old temp
files will accumulate in the folder that the users cannot delete. However,
these files should still be viewable and editable by MS Office, Wordpad,
etc. as long as the users know to get past the error messages, and as long
as you right-click on the folder to create a new Office document instead of
clicking on File, New in the Office program. Many people and organizations
may find this undesirable, but it is possible to do.

Removing the Delete permission should also prevent moving the file from the
folder.

Note that you cannot prevent a user that can read a file from copying a file
to another location. If they can read, they can copy. This is probably
also true of other operating systems besides Windows.