Modify/Delete Permissions

[ITDOD]

I have a customer that wants to secure certain folder so that the folders have the following properties:-

Domain Users can create files/subfolders,
Domain Users can modify existing files/subfolders,
Domain Users can NOT delete files/subfolders

Is this possible as when I take away the advanced permissions of delete and delete subfolders the users lose the modify permissions(although the change permission is still checkmarked) and therefore lose the ability to modfiy and save existing files/subfolders).

Your feedback on this will be greatly appreciated as I can't think of a solution.

 

[brontosaurus]

It should work. Are you taking away the Delete permission, or are you Denying?

 

[ITDOD]

As it was annoying me I tried it on a test server(the problem is at a customer's site) and it worked fine, although when I did exactly the same via an rdp connection to the customers server they still had problems saving files, I am taking away the delete permission as opposed to denying it and then resetting the permissions on the child objects to make sure that existing files are changed - should I be denying rather than removing the desired advanced permissions? I think the problem could well lie with myself and will probably be resolvable when I visit the customer's site on Thursday!

 

[brontosaurus]

don't use Deny if you don't have to. It seems like you're on the right track so I think you're correct in assuming you probably will have better luck when you visit them...

 

[Lassiter]

If someone before you modified the default permission settings for the shares on the server; Permissions to the share maybe to restrictive, affecting your NTFS settings.

I would check group policy of users for permission denials as well.


Just a thought.