I am setting up a set of scan folders from a scanning copier device, and would like to know the best way to protect the folders (for each department) from moving or deletion, but yet still allow access for the users to modify (i.e. create/add/delete) the scanned files within the folder.
Structure is: Share Name > Departmental Folder > User files
The writing of the files initially is taken care of by a service account which has full control. We'd just like to ensure the users cannot accidentally delete the folder (which has already happened) containing all the files, etc.
This is for a Windows 2003 server, NTFS permissions.
Suggestions would be most appreciated.
This can be done by modifying the advanced security permissions of the folder and make sure that the users do not have the "Delete Subfolders and Files" and "Delete" permissions. The following rights should work:
Here is useful article http://www.windowsecurity.com/articles/Understanding-Windows-NTFS-Permissions.html
I manage to resolve this by adding every domain account twice into the shared folder. One without delete permissions applied to the folders and subfolders, and one with delete permissions applied only to files!