Denying Users Deletion of Files and Folders

[Steve]

Hello,

I've got a W2K domain and can't seem to configure a particular folder
and it's sub folders to deny deletion of files and folders for all
users except ones in the Administrator group.
I basically want the users to have all access i.e. read, write, modify
etc....but just deny them access to delete, if they created the
file/folder or not.

Anyone have any ideas as to what the easiest way to go about this?

Thanks,
Steve

 

[Guest]

You can't. Conduct the experiment yourself. Take the delete right away and
just put list, create and write. Save a word doc there. Open it and save it
again under a different name. See all the tmp files? You will see those and
file names with 0 bytes by taking away the delete right.

 

[Steve Riley [MSFT]]

Additionally, what security risk do you suspect to mitigate with this
approach? Say Alice creates a file called mystuff.docx. Then Bob comes along
and creates the same file. This will overwrite Alice's file, which
essentially is the same as deleting Alice's file.

What is it that you're really trying to accomplish with this "sort-of"
shared folder?

 

[Steve]

Thanks for your response.

I have a customer that wants to safeguard against anyone accidentally
deleting files and folders off the network. She wants to be the only
one capable of doing it, aside from admin too.

Steve

 

[Steve]

Also, is this possible in 2003?

Thanks.

 

[Steve Riley [MSFT]]

There's no change in the permissions model.

But remember what I said -- Alice can "delete" Bob's files by overwriting
his files using other files with the same name.

Your best option is to create individual folders for each user and then give
only that user standard read/edit/delete permissions only on their own
folder.

 

[Steve]

Thanks again Steve!