NTFS allow delete subfolders files only
Okay, this one is a bit tricky – my job needed me to create the following share-structure:
\\nas\scan with 2 subfolders:
– \\nas\scan\printer
– \\nas\scan\plotter
- Domain users are allowed Read permissions on \\nas\scan (it’s their root network drive)
- Domain users are allowed to create files (not folders) underneath printer and plotter
- Domain users are allowed to delete files and subfolders inside printer and plotter
- Domain users are NOT allowed to delete the printer or plotter-folder
Seems easy, right? Wrong – well, it is quite easy, but searching the net for answers are tricky. I hope this can help you!
### \\nas\scan – permissions ###
Share-permissions:
Everyone – Change
NTFS-permissions:
NAS\administrators – Full Control
NAS\Users – Read
### \\nas\scan\printer – permissions ###
NTFS-permissions:
– Stop inheritance Add/Copy existing stuff for easy configuring
– Domain User (add modify in the simple-permission-list – for easy configuring)
Now go to advanced permissions find the ekstra Domain User-permission that’s marked Special and edit that one: Here are the checkmarks I use:
### Result ###
The above gives just the right access so my domain users can create and delete files and folders underneath the printer-folder. If they attempt to delete the printer-folder, they’ll get an access denied!
### Prerequisites ###
This has been tested on at least:
– Windows Server 2008 R2 member-server
– Domain functional level: Windows Server 2003
– Forest functional level: Windows Server 2003