Re: Deny deletion of a folder

From: Steven L Umbach (n9rou_at_nscomcast.net)
Date: 10/19/03

    Date: Sun, 19 Oct 2003 19:32:06 GMT
    
    

    I realized after posting that I was on my XP computer. So I went into the
    basement where the W2K Server boxes are and set one up with everything
    exactly as you described and lo and behold I experienced the same thing on
    the W2K computer as you described. With the everyone group having full
    permissions to the root folder and NO permissions [not even listed] at all on
    a subfolder, a user with only read/list/execute/write ntfs permissions to
    the subfolder of the root could delete it. I would classify that as a "bug".
    If I changed the everyone group to read/list/execute on the root folder,
    then a regular user could no longer delete the subfolder. If you can live
    with the everyone group having no more than read/list/execute/write
    permissions on the root folder, then you should be able to implement your
    folder structure as needed. This was a new one for me - as I said I always
    remove or give the everyone no more than read/list execute. --- Steve

    "Steven L Umbach" <n9rouz@nscomcast.net> wrote in message
    news:wQAkb.315452$mp.252886@rwcrnsc51.ops.asp.att.net...
    > It should not. Make sure you logoff and back on computer before testing changes. I
    > did create a folder under the root and had no problem denying access to regular users
    > to delete the "main" folder. My root folder however has the everyone group removed
    > and users have read/list/execute permissions. I have emailed you a screenshot of my
    > test folder permissions. --- Steve
    >
    > "Netmasker" <netmasker@yahoo.com> wrote in message news:bmn4qm$44b$1@nic.grnet.gr...
    > > I have figured out the problem but not the solution!
    > >
    > > The problem is that my folder "test" IS UNDER THE ROOT DIRECTORY (C:\) and
    > > even the 'explicit deny deletion' of the folder "test" does not work for the
    > > 'users' (and of course I DO NOT "Allow inheritable permissions from parent
    > > to propagate to this object").
    > >
    > > But if I set exactly the same permissions to a subfolder of the folder
    > > "test" then I take the desired result!!!
    > >
    > > I have to mention that the permissions on my root directory (c:\) are set to
    > > "Everyone-Full Control", but why does this affect the folders inside the
    > > root directory when I do not allow inheritance ???
    > >
    > > Please try it yourself and you will see this strange behavior of NTFS
    > > permissions...
    > >
    > >
    > > "Steven L Umbach" <n9rou@comcast.net> wrote in message
    > > news:oXjib.105860$%h1.108457@sccrnsc02...
    > > > I have done it numerous times before, but I apologize because I see my recommendation
    > > > was wrong. I just need to modify my recommendation by saying that users will need
    > > > read/list/execute/write permissions on the main security page. They must have write
    > > > permissions to the folder to be able to create subfolders/files, but that will not
    > > > allow them to delete the main folder you refer to as test [assuming a regular user is
    > > > not owner also]. After you set it up double check the advanced permissions to make
    > > > sure that delete is not selected for users for any special permission that includes
    > > > "folder". Also make sure your test user is only a member of the users group. I did
    > > > just test my recommendation again by creating a folder while logged on as
    > > > administrator with the said permissions. When I logged on as a regular user I was
    > > > able to create/delete subfolders and files but not delete the root folder where I set
    > > > permissions. Keep in mind that with ntfs permissions an explicit allow overrides an
    > > > inherited deny. --- Steve
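The behaviour reported in this thread matches how Windows authorizes a delete: the request succeeds if the caller holds Delete on the object itself or "Delete Subfolders and Files" (FILE_DELETE_CHILD) on the parent folder, and Full Control on the parent includes that right, so no inheritance is involved. The following is an added example, not part of the original posts: a simplified Python model of that check, with ACLs and group names constructed from the thread's description.

```python
# Simplified model of the NTFS delete decision (added example, no Windows API calls).
# Access-mask values are the documented Windows constants.
DELETE            = 0x00010000  # "Delete" on the object itself
FILE_DELETE_CHILD = 0x00000040  # "Delete Subfolders and Files" on the parent
FULL_CONTROL      = 0x001F01FF  # FILE_ALL_ACCESS, contains both bits above
READ_EXECUTE      = 0x001200A9  # FILE_GENERIC_READ | FILE_GENERIC_EXECUTE
WRITE             = 0x00120116  # FILE_GENERIC_WRITE


def access_check(dacl, sids, desired):
    """Walk ACEs in order: a matching deny on a still-needed bit fails,
    matching allows clear bits until nothing remains to be granted."""
    remaining = desired
    for ace_type, sid, mask in dacl:
        if sid not in sids:
            continue
        if ace_type == "deny" and mask & remaining:
            return False
        if ace_type == "allow":
            remaining &= ~mask
            if remaining == 0:
                return True
    return False  # bits not explicitly granted are denied


def can_delete(child_dacl, parent_dacl, sids):
    """Delete is permitted by DELETE on the child OR FILE_DELETE_CHILD on the parent."""
    return (access_check(child_dacl, sids, DELETE)
            or access_check(parent_dacl, sids, FILE_DELETE_CHILD))


# Constructed sample data: a regular user's groups and the ACLs from the thread.
USER = {"Everyone", "Users"}
TEST_DACL = [("deny", "Users", DELETE),                  # explicit deny delete
             ("allow", "Users", READ_EXECUTE | WRITE)]   # inheritance blocked
ROOT_FULL = [("allow", "Everyone", FULL_CONTROL)]        # C:\ as Netmasker had it
ROOT_READ = [("allow", "Everyone", READ_EXECUTE)]        # C:\ after tightening


def scenarios():
    return {
        "test under root, Everyone Full Control": can_delete(TEST_DACL, ROOT_FULL, USER),
        "test under root, Everyone read/execute": can_delete(TEST_DACL, ROOT_READ, USER),
        "same ACL one level down, under test": can_delete(TEST_DACL, TEST_DACL, USER),
    }


if __name__ == "__main__":
    for name, allowed in scenarios().items():
        print(f"{name}: delete {'ALLOWED' if allowed else 'denied'}")
```

Auditing the parent folder's ACL for "Delete Subfolders and Files" granted to broad groups is therefore the check that matters when a folder must be protected from deletion.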

