 | File and folder management in Microsoft networks is important when several users have access to the same data. You don't want critical information being changed or, even worse, deleted. In this tip, learn how to prevent users from creating new folders, deleting old folders and modifying existing information. |
Question: How do I:
- Prevent users from being able to create new folders?
- Prevent users from being able to delete folders?
- Allow users to add, modify and delete files and to save .dwg files without causing any errors?
- Posed by a SearchWindowsSecurity.com reader.
Windows networking expert Wes Noonan offers this advice:
Answer: I'm not sure if you want to achieve all of these objectives for the same folder or for each independently. I'll try to answer both ways.
The easiest way to prevent users from creating new folders and deleting existing folders is to simply allow read-only access to the directories and files. To increase network security, simply allow users to change access.
Now, with that said, if you want to allow #3 while preventing #1 and #2, you are a bit out of luck because of the way Microsoft handles file permissions. As you will see in Figure 1, Microsoft groups the following file and folder management permissions this way:
Create Folders/Append Data
Delete Subfolders and files
Figure 1: Folder permissions in Windows
Consequently, you can't block users from creating folders, but you can allow them to modify files. The closest you could get would be to deny the Create Folders/Append Data permissions, which would force users to save any modified files with a new file name.
Similarly, you can't block the ability to delete folders and at the same time allow the users to delete files. They can either do both, or they can do neither.
