How to stop people from delting folders on Server 2000

sbertram · August 2007

Hi I just started a new job as a computer tech in January, and my boss gave me the task to fix permission issues on our file server so users can no longer delete folders. I am having issues and need someone’s help.

Here is the background on the server, first it was set up wrong with the Every One group having access to every folder, but two. Our HR and Accounting folders have the Every One group removed and just my boss, Accounting and the HR user accounts added to respective folders. We are running Server 2000 on all our servers including this file server. We have one server we run AD on and it has a number of issues, and my boss does not want any one to mess with it any more than we have to. Because of this I can not make security groups and apply them to folders like all the Microsoft press books tell me to. Right now we cannot afforded to buy a new server and move to a 2003 AD. So we have to live with things the way they are right now.

The file server has a C and F drive running on SCSI RAID 5 array. The C drive has Server 2000 on it, and the F drive is where the 40 some gigs of data lives. When I do properties on the root of the F drive under the security tab the only group in there is the Everyone group and it has full access.

I made a new folder called test and when I got to the properties of that under the sharing tab the Everyone group has full access. When I click on the security tab the Everyone group as full access, and there is a check mark next to the “Allow in heritable permissions from parent to propagate to this object” I click on the advance tab I do a view edit on Everyone I put a check mark next to delete subfolders and files and I put a check mark next to “Apply these permissions to objects and/or containers within this container only. I hot ok and then remove the check mark next to “Allow inheritable permissions from parent to propagate to this object”, I then hit the remove button on the permission warring screen and hit ok. I hit ok on the deny warning screen. I hit all the oks until I am back and I go to my work station and go to my test folder and I am able to delete all the folders and files I want, and other users can as well.

I got back into the properties of my test folder and under the security tab the check mark is gone from the full control box. I hit advance button and under the type window I see Deny and when I view that, there is a check mark next to delete subfolders and files under the deny area. Next to the apply onto window, it says this folder, subfolder and files. There is a check mark to “Apply these permissions to objects and/or containers within this container only”

What is wrong, and how do I get it so that all users can no longer remove folders?

Thanks

blargoe · August 2007

The box for Apply to objects or containers contained within this container will only apply the permissions to objects within the first level of the folder, i.e., the subfolder object and files, but not any further than that. If it were more than one level down the permission would not apply.

sbertram · August 2007

Hi so what do i have to do to get these permissions to go down several folders deep to stop people from deleting folders?
Thanks for the help

blargoe · August 2007

I haven't done this specifically before, but it looks like you have to uncheck the box that I spoke of first. Then, you have to reapply permissions to propagate down to the child objects.

sprkymrk · August 2007

That is too complicated of a mess for us to really comment on. Sounds like a "folder-by-folder" spot check of permissions. Also known as an "audit". I don't think you have a one-click solution to be honest. Good luck.

ally_uk · August 2007

Lol who the hell was your SYS/Network administrator before?

Man they sound like a cowboy

sbertram · August 2007

Hi blargoe and i tried what you said and it works to stop my from deleting a folder on the root of my test folder but if i make folders or files inside that folder those i can delete. My end goal is to allow users to make their own folders and sub folders and files and files in the sub folders as they can today but i just want them to stop from deleteing any folder no matter how many sub folders deep.

sprkymrk, thanks for the advice maybe we just have to get a new server with server 2003 and start over. Do you have any links i can read more on about stoping folders from being deleted in server 2000? I did a google search but did not find to much out there, thats why i came here. Plus i come here before to read up on certs.

ally_uk it was some girl she has been gone for over a year now, should have her come back and fix this.

RTmarc · August 2007

As long as the users only have Read and Exectute and Write permissions and you propagate the permissions to all other subfolders your problem should be remedied. I would go to the root folder, disable inheritance, Remove previous permissions, apply the new permissions, and then propagate to all lower level folders. Of course I may have missed what you are trying to accomplish also... $:\$

sprkymrk · August 2007

RTmarc wrote:

As long as the users only have Read and Exectute and Write permissions and you propagate the permissions to all other subfolders your problem should be remedied. I would go to the root folder, disable inheritance, Remove previous permissions, apply the new permissions, and then propagate to all lower level folders. Of course I may have missed what you are trying to accomplish also... $:\$

The problem with that is you now have everybody with the ability to write/read/edit everyone else's stuff regardless of who owns it, what department created it, or who really ought to have access to it. That's why I suggest taking your time and doing it folder-by-folder.

RTmarc · August 2007

sprkymrk wrote:

RTmarc wrote:

As long as the users only have Read and Exectute and Write permissions and you propagate the permissions to all other subfolders your problem should be remedied. I would go to the root folder, disable inheritance, Remove previous permissions, apply the new permissions, and then propagate to all lower level folders. Of course I may have missed what you are trying to accomplish also... $:\$

The problem with that is you now have everybody with the ability to write/read/edit everyone else's stuff regardless of who owns it, what department created it, or who really ought to have access to it. That's why I suggest taking your time and doing it folder-by-folder.

Is he adding these permissions to Everyone/Authenticated?

EDIT: Went back and re-read. The only way he is going to get the desired results is as mentioned above. I'd take a stroll through AD, setup some new security groups, add members accordingly, and then re-create the folder structure.

sbertram · August 2007

RTmarc i belive i did as you asked and i can not delete the first folder in my test folder on the server. But if i go further down i can delete all the folders i want. Any other tips to fix this?

Do you guys know if any links that i can read up on that talk more about how to stop users from deleting folders.

Thanks for all the help means a lot

Take care

How to stop people from delting folders on Server 2000

Comments