The easiest way to prevent users from creating new folders and deleting existing folders is to simply allow only read access to the directories and files. To increase network security, simply allow users to change access.
Now, with that said, if you want to allow #3 while preventing #1 and #2, you are a bit out of luck because of the way Microsoft handles file permissions. As you will see in Figure 1, Microsoft groups the following file and folder management permissions this way:
Create Folders/Append Data
Delete Subfolders and files
Figure 1: Folder permissions in Windows
Consequently, you can't block users from creating folders, but you can allow them to modify files. The closest you could get would be to deny the Create Folders/Append Data permissions, which would force users to save any modified files with a new file name.
Similarly, you can't block the ability to delete folders and at the same time allow the users to delete files. They can either do both, or they can do neither.
Dig Deeper on Network intrusion detection and prevention and malware removal
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.