Manage folder permissions in Windows networks

File and folder management in Microsoft networks is important when several users have access to the same data. You don't want critical information being changed or, even worse, deleted. In this tip, learn how to prevent users from creating new folders, deleting old folders and modifying existing information.

Question: How do I:

  1. Prevent users from being able to create new folders?
  2. Prevent users from being able to delete folders?
  3. Allow users to add, modify and delete files and to save .dwg files without causing any errors?
- Posed by a SearchWindowsSecurity.com reader.

Windows networking expert Wes Noonan offers this advice:

Answer: I'm not sure if you want to achieve all of these objectives for the same folder or for each independently. I'll try to answer both ways.

The easiest way to prevent users from creating new folders and deleting existing folders is to simply allow read-only access to the directories and files. To increase network security, simply allow users to change access.

Now, with that said, if you want to allow #3 while preventing #1 and #2, you are a bit out of luck because of the way Microsoft handles file permissions. As you will see in Figure 1, Microsoft groups the following file and folder management permissions this way:

Create Folders/Append Data

Requires Free Membership to View

Delete Subfolders and files

Figure 1: Folder permissions in Windows

Consequently, you can't block users from creating folders, but you can allow them to modify files. The closest you could get would be to deny the Create Folders/Append Data permissions, which would force users to save any modified files with a new file name.

Similarly, you can't block the ability to delete folders and at the same time allow the users to delete files. They can either do both, or they can do neither.

This was first published in September 2007

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.