Ask the Expert

Folder/file management for Windows network security

How do I: 1) prevent users from being able to create new folders? 2} prevent users from being able to delete folders? and 3) allow users to add, modify and delete files and to save .dwg files without causing any errors?
I'm not sure if you want to achieve all of these objectives for the same folder or for each independently. I'll try to answer both ways.

The easiest way to prevent users from creating new folders and deleting existing folders is to simply allow only read access to the directories and files. To increase network security, simply allow users to change access.

Now, with that said, if you want to allow #3 while preventing #1 and #2, you are a bit out of luck because of the way Microsoft handles file permissions. As you will see in Figure 1, Microsoft groups the following file and folder management permissions this way:

Create Folders/Append Data

Delete Subfolders and files


Figure 1: Folder permissions in Windows

Consequently, you can't block users from creating folders, but you can allow them to modify files. The closest you could get would be to deny the Create Folders/Append Data permissions, which would force users to save any modified files with a new file name.

Similarly, you can't block the ability to delete folders and at the same time allow the users to delete files. They can either do both, or they can do neither.

This was first published in September 2007

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: