My objective is to avoid Users from unintentionally relocating or erasing directories within a particular level of hierarchy in a Windows Server 2019 Share.
Example:
Two User Groups: Admin
and User
|-RootShareDirecory <= Directory that is Shared
|- ProjectFolder1 <= Folder should only be moved / changed / deleted by an admin
|- File1.doc <= User has full access to the content it self.
|- SubFolder2 <= User has full access to the content it self.
|- ProjectFolder2 <= Folder should only be moved / changed / deleted by an admin
...
What have I tried:
I have found multiple solutions for this Issue online, eg:
- How to prevent users from deleting one folder, while still giving them modify permissions to other files and folders?
- https://blogs.uw.edu/curreri/disable-click-and-drag-on-folders/
- https://dilrukj.wordpress.com/2013/01/01/prevent-users-deleting-moving-or-drag-and-drop-folders-in-a-file-share/
I attempted all the solutions, but none of them worked. The majority of solutions suggest setting up an access control list (ACL) for ProjectFolderX to restrict Users from deleting it.
However, I only achieved two outcomes: either ProjectFolderX could still be moved, while all other actions in the RootShareDirectory were prohibited, or ProjectFolderX was immovable, and its contents (such as File1.doc) were also unalterable.
Could someone please provide me with guidance on resolving this problem? Thank you.
3 Answers
Below is the method I employed to address the problem: I am providing details about the user’s permissions. To add these permissions, utilize the Advanced Security dialog by ( Right click / Settings / Security / Advanced ).
RootShareDirecory
- Permission for
This Folder, SubFolder and Files
onlyRead, Execute
ProjectFolderX
- Activate Permission inheritance.
- Permission for
This Folder
every permission excludingDelete
. - Permission for
Only Subfolder and Files
Full Access.
Explaination
To stop a file from being relocated, it is necessary to deactivate the Delete function. However, there are two factors that affect whether a folder can be deleted:
- The
Delete
Permission on the folder it self - The
Delete subfolders and files
of the parent Folder.
Please ensure the user which is not allowed to delete, has none of these two permissions.