G
Guest
Hi. I have a growing number of files in NTFS folder shares (W2K) that I want
to protect from modification or deletion by a group of users (call them
'GroupA'). I thought I would be able to achieve this by applying the deny
delete, delete sub-folders and files, append data, change permission and take
ownership permissions to GroupA on the files in question. As 'deny'
permission takes precedence over 'allow' I expected any rights GroupA
inherited to modify the file would have been superceded by the 'deny'
permissions. However, when I tested this I found GroupA users were still able
to delete the files. (I didn't check whether they could modify them)
Looking at a GroupA user's effective permissions on a test file I found the
'delete' permission was not ticked.
How can I achieve the desired outcome? The GroupA users still need to be
able to create, modify and delete files in the folder which have not been
'locked down'.
What was wrong with my reasoning?
Thanks.
to protect from modification or deletion by a group of users (call them
'GroupA'). I thought I would be able to achieve this by applying the deny
delete, delete sub-folders and files, append data, change permission and take
ownership permissions to GroupA on the files in question. As 'deny'
permission takes precedence over 'allow' I expected any rights GroupA
inherited to modify the file would have been superceded by the 'deny'
permissions. However, when I tested this I found GroupA users were still able
to delete the files. (I didn't check whether they could modify them)
Looking at a GroupA user's effective permissions on a test file I found the
'delete' permission was not ticked.
How can I achieve the desired outcome? The GroupA users still need to be
able to create, modify and delete files in the folder which have not been
'locked down'.
What was wrong with my reasoning?
Thanks.