Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Windows ACL, modify without delete

Status
Not open for further replies.
godzilr1

godzilr1

Technical User
Mar 24, 2009
1
0
0
US
Hi guys. I have a situation with ACL's, I'm still learning and not even sure if it's possible.

I have a user that wants a folder called Secure on a share (domain users have modify). In this folder they want to be able to create and modify the documents, but not Delete them once it's in there. I have given them Modify permissions.

The problem I’m coming across is that if we leave it at Modify, they can delete. If I set Deny delete, they can’t rename to files they just created. If I don’t give them modify, they cannot create the files there that they need.

Is there another way around this with a different configuration on permissions or is this even possible at all? Any additional thoughts or ideas on maybe how to go about an entirely different file structure would be great.

Thanks

 
Sort by date Sort by votes
Changing the name or changing the data within a documents will require delete capabilities as part of the modify rights.

You can deny delete, but the users would need to create a new file each time the wanted it to be a new name or change data within th file(does not effect Adding info to a file).

I would look in to setting up Previous Versions on your server hosting these files.

________________________________________
Achieving a perception of high intelligence level can only be limited by your manipulation skills of the Google algorithm!
 
Upvote 0 Downvote
Modify without deleting ability...
No way around it with the Windows NTFS.

This is Microsoft's largest permission flaw which Novell had correct around 20 years ago with "delete inhibit". Users have been asking MS for a "delete inhibit" equal for years.

If your worried about accidental deletions, look into Diskeeper's "Undelete". I maintain it on most client's main servers. Unlike Shadow copy, all files and folders are protected up to the second, plus it protects with multiple file revisions. Sure beat going to shadow copy (if the info is even there) or tape. Costs $500.00, which is more than I paid, but it it is cheap if a user deletes an entire directory or just one large work intensive file.




........................................
Chernobyl disaster..a must see pictorial
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Aquiles Vidal
  • Locked
  • Question
Web Browsers in Windows Server or Terminal Server
Replies
0
Views
117
Aquiles Vidal
Aquiles Vidal
rzammit82
  • Locked
  • Question
Windows Server 2016 - DNS/AD problem
Replies
1
Views
143
suncit
suncit
antonio_dsanchez
  • Locked
  • Question
post-installation WSUS windows server 2016
Replies
0
Views
94
antonio_dsanchez
antonio_dsanchez
mangentle
  • Locked
  • Question
What are the key advantages of using Microsoft Windows Servers for businesses?
Replies
1
Views
132
gbaughma
gbaughma
DrB0b
  • Locked
  • Question
Windows 2016 IIS FTP server with a ton of user accounts
Replies
4
Views
143
DrB0b
DrB0b

Part and Inventory Search

Sponsor

Back
Top