Using DENY permissions can be tricky. I'd suggest that the OP create a test
group to experiment on. If, for example, your domain admins are also members
of the domain, denying some right to domain users will affect the access of
the domain admins as well.
There might be other ways to achieve what the OP is after without resorting
to deny privileges.
/Al
"Anthony [MVP]" <> wrote in message
news:AA66F731-310C-4513-A450-...
> Ben,
> It does work so I suggest you experiment a bit on a test folder.
> Try giving users Read and Write but not Modify and see what you get.
> Anthony,
> http://www.airdesk.com
>
>
> "Ben" <> wrote in message
> news:73c17835-f218-49f3-a5d9-...
>> Hi,
>>
>> I have a client who had an issue this morning where someone had
>> deleted a large volume of folders on a server. Luckily we were able to
>> restore the deleted files & folders. But we now want to block users
>> from deleting folders.
>>
>> So the folder D:\Data is shared out as \\server\data, share
>> permissions are set to 'Everyone' has 'Change + Read', and the NTFS
>> permissions are set so currently Domain Admins have full control, and
>> Domain Users have modify. Now I want to add the permission 'Deny Delete
>> Subfolders & Files' & 'Deny Delete'. So I've added this permission for
>> 'Domain Users' under 'Security tab > Advanced' > 'Permissions' and
>> also enabled auditing for success/failure of delete. However when I
>> access the folder across the network via a test user who is a member
>> of 'Domain Users', I can still delete the folder. The audit log shows
>> that Delete was successful for test.user.
>>
>> I have tried adding the Deny permission for 'Domain Users', the
>> built-in group 'Users' and the group 'Everyone'. But no matter what option I
>> use, I can still delete the folder.
>>
>> I'm running Windows 2003 R2 Standard SP2 in 2003 domain/forest mode,
>> and Windows XP clients.
>>
>> Can anyone suggest why the Deny permission isn't working?
>>
>> Thanks
>>
>> Ben
>
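
Al's point about group membership and Anthony's Read/Write suggestion, as an added example that is not part of the original posts: a simplified Python model of how a single folder's DACL is evaluated (deny entries first, then allows). The group Deny-Delete-Test, the three sample users and the admin's membership in Domain Users are assumptions; share permissions, inheritance and the parent folder's ACL are not modelled, so this does not attempt to reproduce the result Ben saw.

```python
# Added example: simplified model of a Windows DACL check on a single folder.
DELETE = 0x00010000             # "Delete"
FILE_DELETE_CHILD = 0x00000040  # "Delete Subfolders and Files"
FILE_WRITE_DATA = 0x00000002
FULL_CONTROL = 0x001F01FF
MODIFY = 0x001301BF             # includes DELETE, not FILE_DELETE_CHILD
READ_WRITE = 0x0012019F         # generic read + write, no DELETE
NO_DELETE = DELETE | FILE_DELETE_CHILD

def canonical(dacl):
    """Deny ACEs first, then allow ACEs (stable sort keeps the rest in order)."""
    return sorted(dacl, key=lambda ace: ace[0] != "deny")

def access_check(groups, dacl, desired):
    """Return True only if every bit in `desired` is granted before a deny hits."""
    remaining = desired
    for kind, group, mask in canonical(dacl):
        if group not in groups:
            continue                      # ACE applies to someone else
        if kind == "deny" and mask & remaining:
            return False                  # a matching deny ends the check
        if kind == "allow":
            remaining &= ~mask
        if remaining == 0:
            return True
    return False                          # never granted = implicitly denied

# Constructed tokens. ADMIN being in Domain Users is the assumption from Al's post.
TEST_USER = {"Domain Users"}
PILOT_USER = {"Domain Users", "Deny-Delete-Test"}   # hypothetical test group
ADMIN = {"Domain Admins", "Domain Users"}

BASE = [("allow", "Domain Admins", FULL_CONTROL), ("allow", "Domain Users", MODIFY)]
DENY_DOMAIN_USERS = BASE + [("deny", "Domain Users", NO_DELETE)]
DENY_TEST_GROUP = BASE + [("deny", "Deny-Delete-Test", NO_DELETE)]
READ_WRITE_ONLY = [("allow", "Domain Admins", FULL_CONTROL),
                   ("allow", "Domain Users", READ_WRITE)]

def results():
    """Delete outcome for each constructed ACL/user combination."""
    return {
        "deny on Domain Users, admin": access_check(ADMIN, DENY_DOMAIN_USERS, DELETE),
        "deny on test group, admin": access_check(ADMIN, DENY_TEST_GROUP, DELETE),
        "deny on test group, pilot user": access_check(PILOT_USER, DENY_TEST_GROUP, DELETE),
        "read/write only, test user": access_check(TEST_USER, READ_WRITE_ONLY, DELETE),
    }

if __name__ == "__main__":
    for case, allowed in results().items():
        print(f"{case}: delete {'allowed' if allowed else 'denied'}")
```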