NTFS modify but not delete

Archived from groups: microsoft.public.win2000.security (More info?)

Hi Guys,

I know it sounds trivial and maybe sounds like a stupid question but I
couldn't really find a way to prevent my users from deleting files from a
shared folder on a file server, but still be able to create and modify.

The folder contains only office documents (and I know they create a special
temp file once opened), and it's either the users modify but then they can
delete files, or they cannot delete files but they aren't able to save the
changes to the files at all.
Any input would be highly appreciated!
data:
Win2K domain, ntfs 5, either basic or dynamic disks, I think the file server
might have been an NT4 before, brand new test users, brand new test security
groups, no luck whatsoever
PS: I was able to do it on any non office files (ie txt)
Julian Dragut
8 answers Last reply
More about ntfs modify delete
  1. Archived from groups: microsoft.public.win2000.security (More info?)

    Try adding a grant of modify for Creator Owner,
    possibly also adding a grant so that Users can create
    new files (depending on just what they already have).
    The Creator Owner grant will let them delete the temp
    files that are created while editing the Office docs as
    each account will be owner of the ones it has caused.

    --
    Roger Abell
    Microsoft MVP (Windows Security)
    MCSE (W2k3,W2k,Nt4) MCDBA
    "Julian Dragut" <julianmd@groups.com> wrote in message
    news:9b1Hd.19298$YI4.1157682@wagner.videotron.net...
    > Hi Guys,
    >
    > I know it sounds trivial and maybe sounds like a stupid question but I
    > couldn't really find a way to prevent my users from deleting files from a
    > shared folder on a file server, but still be able to create and modify.
    >
    > The folder contains only office documents (and I know they create a
    special
    > temp file once opened), and it's either the users modify but then they can
    > delete files, or they cannot delete files but they aren't able to save the
    > changes to the files at all.
    > Any input would be highly appreciated!
    > data:
    > Win2K domain, ntfs 5, either basic or dynamic disks, I think the file
    server
    > might have been an NT4 before, brand new test users, brand new test
    security
    > groups, no luck whatsoever
    > PS: I was able to do it on any non office files (ie txt)
    > Julian Dragut
    >
    >
  2. Archived from groups: microsoft.public.win2000.security (More info?)

    Thank you Abell,

    That means that the users will be able delete, which is exaclty what I don't
    want them to do!

    "Roger Abell" <mvpNOSpam@asu.edu> wrote in message
    news:eJLI2aS$EHA.2076@TK2MSFTNGP15.phx.gbl...
    > Try adding a grant of modify for Creator Owner,
    > possibly also adding a grant so that Users can create
    > new files (depending on just what they already have).
    > The Creator Owner grant will let them delete the temp
    > files that are created while editing the Office docs as
    > each account will be owner of the ones it has caused.
    >
    > --
    > Roger Abell
    > Microsoft MVP (Windows Security)
    > MCSE (W2k3,W2k,Nt4) MCDBA
    > "Julian Dragut" <julianmd@groups.com> wrote in message
    > news:9b1Hd.19298$YI4.1157682@wagner.videotron.net...
    > > Hi Guys,
    > >
    > > I know it sounds trivial and maybe sounds like a stupid question but I
    > > couldn't really find a way to prevent my users from deleting files from
    a
    > > shared folder on a file server, but still be able to create and modify.
    > >
    > > The folder contains only office documents (and I know they create a
    > special
    > > temp file once opened), and it's either the users modify but then they
    can
    > > delete files, or they cannot delete files but they aren't able to save
    the
    > > changes to the files at all.
    > > Any input would be highly appreciated!
    > > data:
    > > Win2K domain, ntfs 5, either basic or dynamic disks, I think the file
    > server
    > > might have been an NT4 before, brand new test users, brand new test
    > security
    > > groups, no luck whatsoever
    > > PS: I was able to do it on any non office files (ie txt)
    > > Julian Dragut
    > >
    > >
    >
    >
  3. Archived from groups: microsoft.public.win2000.security (More info?)

    It means they will be able to delete what they created,
    such as the temp files. It does not mean they will be
    able to delete files that they did not create.

    --
    Roger Abell
    Microsoft MVP (Windows Security)
    MCSE (W2k3,W2k,Nt4) MCDBA
    "Julian Dragut" <julianmd@groups.com> wrote in message
    news:W19Hd.121825$KO5.7316@clgrps13...
    > Thank you Abell,
    >
    > That means that the users will be able delete, which is exaclty what I
    don't
    > want them to do!
    >
    > "Roger Abell" <mvpNOSpam@asu.edu> wrote in message
    > news:eJLI2aS$EHA.2076@TK2MSFTNGP15.phx.gbl...
    > > Try adding a grant of modify for Creator Owner,
    > > possibly also adding a grant so that Users can create
    > > new files (depending on just what they already have).
    > > The Creator Owner grant will let them delete the temp
    > > files that are created while editing the Office docs as
    > > each account will be owner of the ones it has caused.
    > >
    > > --
    > > Roger Abell
    > > Microsoft MVP (Windows Security)
    > > MCSE (W2k3,W2k,Nt4) MCDBA
    > > "Julian Dragut" <julianmd@groups.com> wrote in message
    > > news:9b1Hd.19298$YI4.1157682@wagner.videotron.net...
    > > > Hi Guys,
    > > >
    > > > I know it sounds trivial and maybe sounds like a stupid question but I
    > > > couldn't really find a way to prevent my users from deleting files
    from
    > a
    > > > shared folder on a file server, but still be able to create and
    modify.
    > > >
    > > > The folder contains only office documents (and I know they create a
    > > special
    > > > temp file once opened), and it's either the users modify but then they
    > can
    > > > delete files, or they cannot delete files but they aren't able to save
    > the
    > > > changes to the files at all.
    > > > Any input would be highly appreciated!
    > > > data:
    > > > Win2K domain, ntfs 5, either basic or dynamic disks, I think the file
    > > server
    > > > might have been an NT4 before, brand new test users, brand new test
    > > security
    > > > groups, no luck whatsoever
    > > > PS: I was able to do it on any non office files (ie txt)
    > > > Julian Dragut
    > > >
    > > >
    > >
    > >
    >
    >
  4. Archived from groups: microsoft.public.win2000.security (More info?)

    Thanks again Abell,

    It was clear to me in the first place; however, files created by them can be
    deleted and I don't want that, plus the rest of the users are still unable
    to save the modified files.....feel like I'm missing something here (back to
    the ntfs basics maybe?)
    "Roger Abell" <mvpNOSpam@asu.edu> wrote in message
    news:utpnB9W$EHA.1452@TK2MSFTNGP11.phx.gbl...
    > It means they will be able to delete what they created,
    > such as the temp files. It does not mean they will be
    > able to delete files that they did not create.
    >
    > --
    > Roger Abell
    > Microsoft MVP (Windows Security)
    > MCSE (W2k3,W2k,Nt4) MCDBA
    > "Julian Dragut" <julianmd@groups.com> wrote in message
    > news:W19Hd.121825$KO5.7316@clgrps13...
    >> Thank you Abell,
    >>
    >> That means that the users will be able delete, which is exaclty what I
    > don't
    >> want them to do!
    >>
    >> "Roger Abell" <mvpNOSpam@asu.edu> wrote in message
    >> news:eJLI2aS$EHA.2076@TK2MSFTNGP15.phx.gbl...
    >> > Try adding a grant of modify for Creator Owner,
    >> > possibly also adding a grant so that Users can create
    >> > new files (depending on just what they already have).
    >> > The Creator Owner grant will let them delete the temp
    >> > files that are created while editing the Office docs as
    >> > each account will be owner of the ones it has caused.
    >> >
    >> > --
    >> > Roger Abell
    >> > Microsoft MVP (Windows Security)
    >> > MCSE (W2k3,W2k,Nt4) MCDBA
    >> > "Julian Dragut" <julianmd@groups.com> wrote in message
    >> > news:9b1Hd.19298$YI4.1157682@wagner.videotron.net...
    >> > > Hi Guys,
    >> > >
    >> > > I know it sounds trivial and maybe sounds like a stupid question but
    >> > > I
    >> > > couldn't really find a way to prevent my users from deleting files
    > from
    >> a
    >> > > shared folder on a file server, but still be able to create and
    > modify.
    >> > >
    >> > > The folder contains only office documents (and I know they create a
    >> > special
    >> > > temp file once opened), and it's either the users modify but then
    >> > > they
    >> can
    >> > > delete files, or they cannot delete files but they aren't able to
    >> > > save
    >> the
    >> > > changes to the files at all.
    >> > > Any input would be highly appreciated!
    >> > > data:
    >> > > Win2K domain, ntfs 5, either basic or dynamic disks, I think the file
    >> > server
    >> > > might have been an NT4 before, brand new test users, brand new test
    >> > security
    >> > > groups, no luck whatsoever
    >> > > PS: I was able to do it on any non office files (ie txt)
    >> > > Julian Dragut
    >> > >
    >> > >
    >> >
    >> >
    >>
    >>
    >
    >
  5. Archived from groups: microsoft.public.win2000.security (More info?)

    But you see, you have now added another part of the
    requirement - that they can create files there also.
    Before you only said modify file but not delete.
    The solution I indicated works if you are willing to
    allow one user to be "master" or "originator" of a
    document, and all others to be editors of it (but not
    able to delete it). The originator of the file will have
    the ability to remove what they started (unless the
    ownership and direct grant to that originating account
    are periodically removed by nightly script).

    --
    Roger Abell
    Microsoft MVP (Windows Security)
    MCSE (W2k3,W2k,Nt4) MCDBA
    "Julian Dragut" <julianmd@groups.com> wrote in message
    news:t4DHd.22981$Xz5.977758@wagner.videotron.net...
    > Thanks again Abell,
    >
    > It was clear to me in the first place; however, files created by them can
    be
    > deleted and I don't want that, plus the rest of the users are still unable
    > to save the modified files.....feel like I'm missing something here (back
    to
    > the ntfs basics maybe?)
    > "Roger Abell" <mvpNOSpam@asu.edu> wrote in message
    > news:utpnB9W$EHA.1452@TK2MSFTNGP11.phx.gbl...
    > > It means they will be able to delete what they created,
    > > such as the temp files. It does not mean they will be
    > > able to delete files that they did not create.
    > >
    > > --
    > > Roger Abell
    > > Microsoft MVP (Windows Security)
    > > MCSE (W2k3,W2k,Nt4) MCDBA
    > > "Julian Dragut" <julianmd@groups.com> wrote in message
    > > news:W19Hd.121825$KO5.7316@clgrps13...
    > >> Thank you Abell,
    > >>
    > >> That means that the users will be able delete, which is exaclty what I
    > > don't
    > >> want them to do!
    > >>
    > >> "Roger Abell" <mvpNOSpam@asu.edu> wrote in message
    > >> news:eJLI2aS$EHA.2076@TK2MSFTNGP15.phx.gbl...
    > >> > Try adding a grant of modify for Creator Owner,
    > >> > possibly also adding a grant so that Users can create
    > >> > new files (depending on just what they already have).
    > >> > The Creator Owner grant will let them delete the temp
    > >> > files that are created while editing the Office docs as
    > >> > each account will be owner of the ones it has caused.
    > >> >
    > >> > --
    > >> > Roger Abell
    > >> > Microsoft MVP (Windows Security)
    > >> > MCSE (W2k3,W2k,Nt4) MCDBA
    > >> > "Julian Dragut" <julianmd@groups.com> wrote in message
    > >> > news:9b1Hd.19298$YI4.1157682@wagner.videotron.net...
    > >> > > Hi Guys,
    > >> > >
    > >> > > I know it sounds trivial and maybe sounds like a stupid question
    but
    > >> > > I
    > >> > > couldn't really find a way to prevent my users from deleting files
    > > from
    > >> a
    > >> > > shared folder on a file server, but still be able to create and
    > > modify.
    > >> > >
    > >> > > The folder contains only office documents (and I know they create a
    > >> > special
    > >> > > temp file once opened), and it's either the users modify but then
    > >> > > they
    > >> can
    > >> > > delete files, or they cannot delete files but they aren't able to
    > >> > > save
    > >> the
    > >> > > changes to the files at all.
    > >> > > Any input would be highly appreciated!
    > >> > > data:
    > >> > > Win2K domain, ntfs 5, either basic or dynamic disks, I think the
    file
    > >> > server
    > >> > > might have been an NT4 before, brand new test users, brand new test
    > >> > security
    > >> > > groups, no luck whatsoever
    > >> > > PS: I was able to do it on any non office files (ie txt)
    > >> > > Julian Dragut
    > >> > >
    > >> > >
    > >> >
    > >> >
    > >>
    > >>
    > >
    > >
    >
    >
  6. Archived from groups: microsoft.public.win2000.security (More info?)

    Thank you Abell,
    It seems that this (master - modifier) it's my only choice ...sadly!
    Thank you for your prompt responses!
    Julian Dragut
    "Roger Abell" <mvpNOSpam@asu.edu> wrote in message
    news:us8j6mr$EHA.3424@TK2MSFTNGP11.phx.gbl...
    > But you see, you have now added another part of the
    > requirement - that they can create files there also.
    > Before you only said modify file but not delete.
    > The solution I indicated works if you are willing to
    > allow one user to be "master" or "originator" of a
    > document, and all others to be editors of it (but not
    > able to delete it). The originator of the file will have
    > the ability to remove what they started (unless the
    > ownership and direct grant to that originating account
    > are periodically removed by nightly script).
    >
    > --
    > Roger Abell
    > Microsoft MVP (Windows Security)
    > MCSE (W2k3,W2k,Nt4) MCDBA
    > "Julian Dragut" <julianmd@groups.com> wrote in message
    > news:t4DHd.22981$Xz5.977758@wagner.videotron.net...
    > > Thanks again Abell,
    > >
    > > It was clear to me in the first place; however, files created by them
    can
    > be
    > > deleted and I don't want that, plus the rest of the users are still
    unable
    > > to save the modified files.....feel like I'm missing something here
    (back
    > to
    > > the ntfs basics maybe?)
    > > "Roger Abell" <mvpNOSpam@asu.edu> wrote in message
    > > news:utpnB9W$EHA.1452@TK2MSFTNGP11.phx.gbl...
    > > > It means they will be able to delete what they created,
    > > > such as the temp files. It does not mean they will be
    > > > able to delete files that they did not create.
    > > >
    > > > --
    > > > Roger Abell
    > > > Microsoft MVP (Windows Security)
    > > > MCSE (W2k3,W2k,Nt4) MCDBA
    > > > "Julian Dragut" <julianmd@groups.com> wrote in message
    > > > news:W19Hd.121825$KO5.7316@clgrps13...
    > > >> Thank you Abell,
    > > >>
    > > >> That means that the users will be able delete, which is exaclty what
    I
    > > > don't
    > > >> want them to do!
    > > >>
    > > >> "Roger Abell" <mvpNOSpam@asu.edu> wrote in message
    > > >> news:eJLI2aS$EHA.2076@TK2MSFTNGP15.phx.gbl...
    > > >> > Try adding a grant of modify for Creator Owner,
    > > >> > possibly also adding a grant so that Users can create
    > > >> > new files (depending on just what they already have).
    > > >> > The Creator Owner grant will let them delete the temp
    > > >> > files that are created while editing the Office docs as
    > > >> > each account will be owner of the ones it has caused.
    > > >> >
    > > >> > --
    > > >> > Roger Abell
    > > >> > Microsoft MVP (Windows Security)
    > > >> > MCSE (W2k3,W2k,Nt4) MCDBA
    > > >> > "Julian Dragut" <julianmd@groups.com> wrote in message
    > > >> > news:9b1Hd.19298$YI4.1157682@wagner.videotron.net...
    > > >> > > Hi Guys,
    > > >> > >
    > > >> > > I know it sounds trivial and maybe sounds like a stupid question
    > but
    > > >> > > I
    > > >> > > couldn't really find a way to prevent my users from deleting
    files
    > > > from
    > > >> a
    > > >> > > shared folder on a file server, but still be able to create and
    > > > modify.
    > > >> > >
    > > >> > > The folder contains only office documents (and I know they create
    a
    > > >> > special
    > > >> > > temp file once opened), and it's either the users modify but then
    > > >> > > they
    > > >> can
    > > >> > > delete files, or they cannot delete files but they aren't able to
    > > >> > > save
    > > >> the
    > > >> > > changes to the files at all.
    > > >> > > Any input would be highly appreciated!
    > > >> > > data:
    > > >> > > Win2K domain, ntfs 5, either basic or dynamic disks, I think the
    > file
    > > >> > server
    > > >> > > might have been an NT4 before, brand new test users, brand new
    test
    > > >> > security
    > > >> > > groups, no luck whatsoever
    > > >> > > PS: I was able to do it on any non office files (ie txt)
    > > >> > > Julian Dragut
    > > >> > >
    > > >> > >
    > > >> >
    > > >> >
    > > >>
    > > >>
    > > >
    > > >
    > >
    > >
    >
    >
  7. Archived from groups: microsoft.public.win2000.security (More info?)

    "Julian Dragut" <julianmd@groups.com> wrote in message
    news:4MQHd.5678$Qb.2058@edtnps89...
    > Thank you Abell,
    > It seems that this (master - modifier) it's my only choice ...sadly!
    > Thank you for your prompt responses!


    You are welcome Julian.
    Notice that this in not a Windows design issue, but a failing
    of Office to recognize why we have %temp% and %tmp%
    environment variables and using them.
    <aside>
    would someone please slap that Office group upside the head
    </aside>

    --
    Roger

    > "Roger Abell" <mvpNOSpam@asu.edu> wrote in message
    > news:us8j6mr$EHA.3424@TK2MSFTNGP11.phx.gbl...
    > > But you see, you have now added another part of the
    > > requirement - that they can create files there also.
    > > Before you only said modify file but not delete.
    > > The solution I indicated works if you are willing to
    > > allow one user to be "master" or "originator" of a
    > > document, and all others to be editors of it (but not
    > > able to delete it). The originator of the file will have
    > > the ability to remove what they started (unless the
    > > ownership and direct grant to that originating account
    > > are periodically removed by nightly script).
    > >
    > > --
    > > Roger Abell
    > > Microsoft MVP (Windows Security)
    > > MCSE (W2k3,W2k,Nt4) MCDBA
    > > "Julian Dragut" <julianmd@groups.com> wrote in message
    > > news:t4DHd.22981$Xz5.977758@wagner.videotron.net...
    > > > Thanks again Abell,
    > > >
    > > > It was clear to me in the first place; however, files created by them
    > can
    > > be
    > > > deleted and I don't want that, plus the rest of the users are still
    > unable
    > > > to save the modified files.....feel like I'm missing something here
    > (back
    > > to
    > > > the ntfs basics maybe?)
    > > > "Roger Abell" <mvpNOSpam@asu.edu> wrote in message
    > > > news:utpnB9W$EHA.1452@TK2MSFTNGP11.phx.gbl...
    > > > > It means they will be able to delete what they created,
    > > > > such as the temp files. It does not mean they will be
    > > > > able to delete files that they did not create.
    > > > >
    > > > > --
    > > > > Roger Abell
    > > > > Microsoft MVP (Windows Security)
    > > > > MCSE (W2k3,W2k,Nt4) MCDBA
    > > > > "Julian Dragut" <julianmd@groups.com> wrote in message
    > > > > news:W19Hd.121825$KO5.7316@clgrps13...
    > > > >> Thank you Abell,
    > > > >>
    > > > >> That means that the users will be able delete, which is exaclty
    what
    > I
    > > > > don't
    > > > >> want them to do!
    > > > >>
    > > > >> "Roger Abell" <mvpNOSpam@asu.edu> wrote in message
    > > > >> news:eJLI2aS$EHA.2076@TK2MSFTNGP15.phx.gbl...
    > > > >> > Try adding a grant of modify for Creator Owner,
    > > > >> > possibly also adding a grant so that Users can create
    > > > >> > new files (depending on just what they already have).
    > > > >> > The Creator Owner grant will let them delete the temp
    > > > >> > files that are created while editing the Office docs as
    > > > >> > each account will be owner of the ones it has caused.
    > > > >> >
    > > > >> > --
    > > > >> > Roger Abell
    > > > >> > Microsoft MVP (Windows Security)
    > > > >> > MCSE (W2k3,W2k,Nt4) MCDBA
    > > > >> > "Julian Dragut" <julianmd@groups.com> wrote in message
    > > > >> > news:9b1Hd.19298$YI4.1157682@wagner.videotron.net...
    > > > >> > > Hi Guys,
    > > > >> > >
    > > > >> > > I know it sounds trivial and maybe sounds like a stupid
    question
    > > but
    > > > >> > > I
    > > > >> > > couldn't really find a way to prevent my users from deleting
    > files
    > > > > from
    > > > >> a
    > > > >> > > shared folder on a file server, but still be able to create and
    > > > > modify.
    > > > >> > >
    > > > >> > > The folder contains only office documents (and I know they
    create
    > a
    > > > >> > special
    > > > >> > > temp file once opened), and it's either the users modify but
    then
    > > > >> > > they
    > > > >> can
    > > > >> > > delete files, or they cannot delete files but they aren't able
    to
    > > > >> > > save
    > > > >> the
    > > > >> > > changes to the files at all.
    > > > >> > > Any input would be highly appreciated!
    > > > >> > > data:
    > > > >> > > Win2K domain, ntfs 5, either basic or dynamic disks, I think
    the
    > > file
    > > > >> > server
    > > > >> > > might have been an NT4 before, brand new test users, brand new
    > test
    > > > >> > security
    > > > >> > > groups, no luck whatsoever
    > > > >> > > PS: I was able to do it on any non office files (ie txt)
    > > > >> > > Julian Dragut
    > > > >> > >
    > > > >> > >
    > > > >> >
    > > > >> >
    > > > >>
    > > > >>
    > > > >
    > > > >
    > > >
    > > >
    > >
    > >
    >
    >
  8. Archived from groups: microsoft.public.win2000.security (More info?)

    Hear ya!
    100% agreed
    Julian Dragut
    "Roger Abell" <mvpNOSpam@asu.edu> wrote in message
    news:eA5cSY5$EHA.1564@TK2MSFTNGP09.phx.gbl...
    > "Julian Dragut" <julianmd@groups.com> wrote in message
    > news:4MQHd.5678$Qb.2058@edtnps89...
    >> Thank you Abell,
    >> It seems that this (master - modifier) it's my only choice ...sadly!
    >> Thank you for your prompt responses!
    >
    >
    > You are welcome Julian.
    > Notice that this in not a Windows design issue, but a failing
    > of Office to recognize why we have %temp% and %tmp%
    > environment variables and using them.
    > <aside>
    > would someone please slap that Office group upside the head
    > </aside>
    >
    > --
    > Roger
    >
    >> "Roger Abell" <mvpNOSpam@asu.edu> wrote in message
    >> news:us8j6mr$EHA.3424@TK2MSFTNGP11.phx.gbl...
    >> > But you see, you have now added another part of the
    >> > requirement - that they can create files there also.
    >> > Before you only said modify file but not delete.
    >> > The solution I indicated works if you are willing to
    >> > allow one user to be "master" or "originator" of a
    >> > document, and all others to be editors of it (but not
    >> > able to delete it). The originator of the file will have
    >> > the ability to remove what they started (unless the
    >> > ownership and direct grant to that originating account
    >> > are periodically removed by nightly script).
    >> >
    >> > --
    >> > Roger Abell
    >> > Microsoft MVP (Windows Security)
    >> > MCSE (W2k3,W2k,Nt4) MCDBA
    >> > "Julian Dragut" <julianmd@groups.com> wrote in message
    >> > news:t4DHd.22981$Xz5.977758@wagner.videotron.net...
    >> > > Thanks again Abell,
    >> > >
    >> > > It was clear to me in the first place; however, files created by them
    >> can
    >> > be
    >> > > deleted and I don't want that, plus the rest of the users are still
    >> unable
    >> > > to save the modified files.....feel like I'm missing something here
    >> (back
    >> > to
    >> > > the ntfs basics maybe?)
    >> > > "Roger Abell" <mvpNOSpam@asu.edu> wrote in message
    >> > > news:utpnB9W$EHA.1452@TK2MSFTNGP11.phx.gbl...
    >> > > > It means they will be able to delete what they created,
    >> > > > such as the temp files. It does not mean they will be
    >> > > > able to delete files that they did not create.
    >> > > >
    >> > > > --
    >> > > > Roger Abell
    >> > > > Microsoft MVP (Windows Security)
    >> > > > MCSE (W2k3,W2k,Nt4) MCDBA
    >> > > > "Julian Dragut" <julianmd@groups.com> wrote in message
    >> > > > news:W19Hd.121825$KO5.7316@clgrps13...
    >> > > >> Thank you Abell,
    >> > > >>
    >> > > >> That means that the users will be able delete, which is exaclty
    > what
    >> I
    >> > > > don't
    >> > > >> want them to do!
    >> > > >>
    >> > > >> "Roger Abell" <mvpNOSpam@asu.edu> wrote in message
    >> > > >> news:eJLI2aS$EHA.2076@TK2MSFTNGP15.phx.gbl...
    >> > > >> > Try adding a grant of modify for Creator Owner,
    >> > > >> > possibly also adding a grant so that Users can create
    >> > > >> > new files (depending on just what they already have).
    >> > > >> > The Creator Owner grant will let them delete the temp
    >> > > >> > files that are created while editing the Office docs as
    >> > > >> > each account will be owner of the ones it has caused.
    >> > > >> >
    >> > > >> > --
    >> > > >> > Roger Abell
    >> > > >> > Microsoft MVP (Windows Security)
    >> > > >> > MCSE (W2k3,W2k,Nt4) MCDBA
    >> > > >> > "Julian Dragut" <julianmd@groups.com> wrote in message
    >> > > >> > news:9b1Hd.19298$YI4.1157682@wagner.videotron.net...
    >> > > >> > > Hi Guys,
    >> > > >> > >
    >> > > >> > > I know it sounds trivial and maybe sounds like a stupid
    > question
    >> > but
    >> > > >> > > I
    >> > > >> > > couldn't really find a way to prevent my users from deleting
    >> files
    >> > > > from
    >> > > >> a
    >> > > >> > > shared folder on a file server, but still be able to create
    >> > > >> > > and
    >> > > > modify.
    >> > > >> > >
    >> > > >> > > The folder contains only office documents (and I know they
    > create
    >> a
    >> > > >> > special
    >> > > >> > > temp file once opened), and it's either the users modify but
    > then
    >> > > >> > > they
    >> > > >> can
    >> > > >> > > delete files, or they cannot delete files but they aren't able
    > to
    >> > > >> > > save
    >> > > >> the
    >> > > >> > > changes to the files at all.
    >> > > >> > > Any input would be highly appreciated!
    >> > > >> > > data:
    >> > > >> > > Win2K domain, ntfs 5, either basic or dynamic disks, I think
    > the
    >> > file
    >> > > >> > server
    >> > > >> > > might have been an NT4 before, brand new test users, brand new
    >> test
    >> > > >> > security
    >> > > >> > > groups, no luck whatsoever
    >> > > >> > > PS: I was able to do it on any non office files (ie txt)
    >> > > >> > > Julian Dragut
    >> > > >> > >
    >> > > >> > >
    >> > > >> >
    >> > > >> >
    >> > > >>
    >> > > >>
    >> > > >
    >> > > >
    >> > >
    >> > >
    >> >
    >> >
    >>
    >>
    >
    >
Ask a new question

Read More

Security Windows