1

What security permissions do I need to set to prevent a Vista folder from being renamed, or have any of its contents changed (all files and subfolders)

I can lock down the files and subfolders fine by denying permissions to write etc, but the folder can still be renamed?!!!!

I recall hearing somewhere that this could be done by changing the folder's parent security settings. That's fine but I need the folder's siblings to operate as normal.

EDIT 1: 22 March 2013 15:00 GMT

Perhaps I should give a fuller account of the setup and of what I've already done so we can get somewhere.

The setup

  • I am running Vista Business 64bit.
  • I am logged in as user that is in the Administrators group (user X)
  • User X is the owner of the folder in question F
  • UAC is turned on
  • user X is by default granted full control permissions on folder F
  • User X can go into Folder F's Properties->Security and edit his (and everybody else's) permissions
  • in Properties->Security->Advanced->Permissions->Edit you get the most granular control
  • the way this supposedly works is that you can deny access to specific items and the deny overrides the default allow behaviour

What I've done

in Folder F's Properties->Security->Advanced->Permissions->Edit I have done the following

  • Unchecked "Include inheritable permissions from the object's parent"
  • Checked "Replace all existing inheritable permissions on all descendents with permissions from this object"
  • Denied permission to
    • Create files / write data
    • Create folders / append data
    • Write attributes
    • Write extended attributes
    • Delete subfolders and files
    • Delete

The resulting behaviour

This succeeds in prohibiting all modifications to the folder including its deletion.

However (and this is the whole point of my post) it still allows me to rename folder F to whatever I like. That's what I would like to solve

Thanks

Edit 2: 25 March 2013 13:15 GMT

No further replies for a couple of days. Could it be that this simply isn't possible in Vista? Possibly even Windows in general?

Improve this question
0

2 Answers 2

Reset to default
2

If you go to the folder properties...

Properties>>Security>>Advanced>> Under the permissions tab you can select the user groups you wish to change more advanced permissions of by going to...

Change permissions>>Edit>>...and now you have much deeper control. I believe you're looking for "create folders/append data"? Apologies if I'm wrong about the permission off hand.

You can also control inheritance from here for sub-folders and so-on. If you uncheck "include inheritable permissions from parent object", you can delegate what permission for the parent folder will go to sub-directories for whichever user group.

Improve this answer
12
  • Yes, I've been through all that, and have been able to lock down all activity inside the folder (can't write new files/folders, can't delete any existing files/folders, can't delete the folder itself, can't change any files/folders) EXCEPT for renaming the folder which stubornly remains possible.
    – OldSchool
    Commented Mar 22, 2013 at 14:59
  • Is this a network share?
    – Pretzel
    Commented Mar 22, 2013 at 15:20
  • no it isn't. Just an old fashioned folder
    – OldSchool
    Commented Mar 22, 2013 at 15:23
  • For the folder itself, grant only permissions to list content, remove inheritance, and grant further permission accordingly.
    – Pretzel
    Commented Mar 22, 2013 at 15:33
  • By "List Content" I presume you mean "List folder Contents" which is not under the Advanced button (the closest Advanced permission is 'List folder / Read data'). "Only" allowing this by checking its box seems to automatically uncheck all other denied permissions save for 'Write'. For reasons I don't understand the end result of this is that I cannot select the folder in explorer, but I can still rename it. "Only" allowing 'List folder / Read data' in Advanced allows me to select and look in the folder but not change anything other than that I can still rename the folder. DoesThisWorkForYou?
    – OldSchool
    Commented Mar 22, 2013 at 15:51
0

I think you have to set permissions to make folder read only.

1.Right-click on the folder and select “properties”.

  1. Click on the "Security" tab and select the "Edit" option. Find the section "Write Attributes" and place a check mark next to the "Read-Only" option.

  2. Click on the "Apply" or "OK" button in the bottom right corner of the "Properties" window to save all your changes and make the folder read-only.

Hope this helps.

Improve this answer
3
  • Sorry Muhammad, but have you tried this yourself? if you had you'd know it won't work. Nor does your description match the Vista menus
    – OldSchool
    Commented Mar 22, 2013 at 12:17
  • He was close; you have to go into the "Advanced" permissions dialog, however (and then select the user that you want to change perms for). Tested working on Vista Business. Make sure that inheritance to children/from parent is set the way you want it, too; otherwise you'll only restrict one level of the folder hierarchy.
    – Zac B
    Commented Mar 22, 2013 at 13:35
  • Thanks but pls read my edit on the original question
    – OldSchool
    Commented Mar 22, 2013 at 15:23

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .