Re: controlling deleting of files with NTFS

---

• From: "Roger Abell [MVP]" <mvpNoSpam@xxxxxxx>
• Date: Thu, 28 Jun 2007 00:01:41 -0700

---

You will not be able to get around the issue with Office documents
(or those for some other applications) due to the renaming as outlined
in the prior reply.
When set at the same level in the dir structure a deny overrules a
grant. Hence when on this dir you deny delete to a group, and also
grant delete to a user that is in the denied group, the grant is nullified
by the deny. Rather than using deny, grant only what the group should
have (i.e. remove delete in the advanced view in the NTFS permissions
dialog). So, you end up with two grants: one to the group of what they
should have, and one to the person that should have delete.


"Chad Shutts" <ChadShutts@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:26EA3267-49B7-4846-B33C-606CF8AB1177@xxxxxxxxxxxxxxxx

I am trying to control the deleting of files in one of our deparments.
Only
one user should be able to delete. Everyone else should be able to
change,
and create new but never delete.

On the top most folder I am trying to set the ntfs security on, I have
said
to 'deny' delete for the ACL group.

Ok, here is the issue: They are not allowed to delete, so I had sucess
there!
They are allowed to modify, so I had success there!...but if they are in
word and create a new document and save it in that folder, they get an
error
saying it cannot save because "the folder is marked read only".
If I go to the folder and right click, new, text document or word
document..I get a similiar message.

So I take away the deny delete and they can create new again...but they
can
also delete files again.

I need to resolve this...but also their supervisor still needs to be able
to
delete and she is in the same group.

So really I need answer to 2 questions...
1. prohibit the deleting of files
2. allowing one person to delete in the same folder

I appreciate any and all advice,
Chad

.

---

• Prev by Date: Re: Complex File Permission
• Next by Date: Re: Password Policy forces to change password - but too late...
• Previous by thread: Re: controlling deleting of files with NTFS
• Next by thread: Re: Acceptability Of Self-Sign SSL And Client Certificates
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: file permissions ... The original tools have a rudimentary Deny, ... I grant everything that I can to This folder, subfolders and file on the ... (microsoft.public.windowsxp.security_admin) Re: Protecting folder-structure against accidental alteration ... grant applies. ... grants for This folder and subfolders and for Files only. ... By looking at the nature of the damage I'd guess that slow-click is the ... NTFS permissions to stop renaming of the root folders in the structure. ... (microsoft.public.security) Re: Make Folder Private ... Rather only grant to the desired accounts. ... The folder is on a large drive I ... Now I've found the DENY ... (microsoft.public.windowsxp.security_admin) Re: Make Folder Private ... Rather only grant to the desired accounts. ... The folder is on a large drive I ... Now I've found the DENY ... (microsoft.public.windowsxp.security_admin) Re: Files and Folders ... If you drill into the Advanced dialog in the NTFS permissions ... You would want a modify grant that applies to ... that applies to This folder and subfolders, or even to This folder, ... (microsoft.public.windows.server.security)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > microsoft.public.security  > 2007-06