General discussion

Locked

HOW DO I SET NO DELETE PERMISSION IN NT4

By wabit ·
This question was posted on 26 July 2000 but have not received any valuable and useable response. I am reposting this question again and am increasing the techpoints to 500 if any of you out there are able to assist me on this matter. It is very urgent that I get it resolved as the danger of unauthorized deletion of files is increasing daily here. PLEASE RENDER YOUR ASSISTANCE!!!!! The problem is as follows:

I administer a Win NT4 Server with Win95/98 workstations. I need to implement Security Permission Settings on Drive D in the server such that all users except for Administrator Group and Managers are allowed to delete files. I have tried using Special Access settings for files and folders give the users (RWX)(RWX) but have found that users are unable to write, add or edit files and folders. Share permissions are all set to Change permissions.

This conversation is currently closed to new comments.

15 total posts (Page 1 of 2)   01 | 02   Next
| Thread display: Collapse - | Expand +

All Comments

Collapse -

HOW DO I SET NO DELETE PERMISSION IN NT4

by ckaylam In reply to HOW DO I SET NO DELETE PE ...

Assume that your D drive is in NTFS
Since your client access the share volume of D drive.

The client access permission is determined by both the share /files (the more restrictive one)

suggestion

1)Assign the users with the same permission in the share /file permission(RWX)

2)Assign the users with full control in files permission
Assign the users with the permission of RWX in the share permission.
(Dont worry about this as access the resource through network is limited by the more restricted one

Mostly suggestion 2 will work and let me know the result

Collapse -

HOW DO I SET NO DELETE PERMISSION IN NT4

by wabit In reply to HOW DO I SET NO DELETE PE ...

The question was auto-closed by TechRepublic

Collapse -

HOW DO I SET NO DELETE PERMISSION IN NT4

by NetTek In reply to HOW DO I SET NO DELETE PE ...

As I understand it, you want users to be able to read, write, add, and modify files within a share, without them being able to delete files. Read, Write, Add, List, and Execute permissions do not allow for editing of files. This can only be given with the Change permission, which also allows you to delete files. Unfortunately, you cannot set file and directory permissions that will enable users to edit files and yet NOT be able to delete them. This is not really an oversite by Microsoft; ithas to do with the way applications open and change files. Let me explain:

Let's say you open a file called MYFILE.doc from a share on the server into MS WORD. WORD first makes a copy of the file and names it something else, like $MYFILE.TMP$ for example. It then opens $MYFILE.TMP$, leaving the original MYFILE.doc intact. When you edit the document, you are now making changes to $MYFILE.TMP$, and not MYFILE.doc. When you save the changes, WORD will then DELETE the original MYFILE.doc, and then rename $MYFIL

Collapse -

HOW DO I SET NO DELETE PERMISSION IN NT4

by wabit In reply to HOW DO I SET NO DELETE PE ...

The question was auto-closed by TechRepublic

Collapse -

HOW DO I SET NO DELETE PERMISSION IN NT4

by NetTek In reply to HOW DO I SET NO DELETE PE ...

Sorry, I was cut off. As I was saying:

When you save the changes, WORD will then DELETE MYFILE.doc, and then rename $MYFILE.TMP$ to MYFILE.doc.

So, as you can see, the way applications work requires them to be able to delete files in order tomake changes.

I know this won't help your problem, but it at least explains why you cannot do what you want to do.

Collapse -

HOW DO I SET NO DELETE PERMISSION IN NT4

by wabit In reply to HOW DO I SET NO DELETE PE ...

The question was auto-closed by TechRepublic

Collapse -

HOW DO I SET NO DELETE PERMISSION IN NT4

by Nunya Bidnez In reply to HOW DO I SET NO DELETE PE ...

Leave the share permissions at Full Control for Everyone. Use NTFS to secure the items. Now, for the important part: When a user has the built-in FC permission to a parent directory, s/he can delete anything inside it, even items to which s/he has been explicitly denied access. This is because the "canned" Full Control permission includes a hidden POSIX permission called "Folder Delete Child". To get around this, on the parent directory, select "Special Directory Access" and grant *all* permissions, including delete (you may need to move further up your directory structure than where you have been working). Then, on the folders/files inside, set permissions as you want them to be applied (no delete). Do not use the built-in Full Control permission, and the hidden POSIX permission will not be created.

Collapse -

HOW DO I SET NO DELETE PERMISSION IN NT4

by wabit In reply to HOW DO I SET NO DELETE PE ...

The question was auto-closed by TechRepublic

Collapse -

HOW DO I SET NO DELETE PERMISSION IN NT4

by Nunya Bidnez In reply to HOW DO I SET NO DELETE PE ...

Leave the share permissions at Full Control for Everyone. Use NTFS to secure the items. Now, for the important part: When a user has the built-in FC permission to a parent directory, s/he can delete anything inside it, even items to which s/he has been explicitly denied access. This is because the "canned" Full Control permission includes a hidden POSIX permission called "Folder Delete Child". To get around this, on the parent directory, select "Special Directory Access" and grant *all* permissions, including delete (you may need to move further up your directory structure than where you have been working). Then, on the folders/files inside, set permissions as you want them to be applied (no delete). Do not use the built-in Full Control permission, and the hidden POSIX permission will not be created.

Collapse -

HOW DO I SET NO DELETE PERMISSION IN NT4

by wabit In reply to HOW DO I SET NO DELETE PE ...

The question was auto-closed by TechRepublic

Back to Windows Forum
15 total posts (Page 1 of 2)   01 | 02   Next

Related Discussions

Related Forums