What security permissions do I need to set to prevent a Vista folder from being renamed, or have any of its contents changed (all files and subfolders)
I can lock down the files and subfolders fine by denying permissions to write etc, but the folder can still be renamed?!!!!
I recall hearing somewhere that this could be done by changing the folder's parent security settings. That's fine but I need the folder's siblings to operate as normal.
EDIT 1: 22 March 2013 15:00 GMT
Perhaps I should give a fuller account of the setup and of what I've already done so we can get somewhere.
The setup
- I am running Vista Business 64bit.
- I am logged in as user that is in the Administrators group (user X)
- User X is the owner of the folder in question F
- UAC is turned on
- user X is by default granted full control permissions on folder F
- User X can go into Folder F's Properties->Security and edit his (and everybody else's) permissions
- in Properties->Security->Advanced->Permissions->Edit you get the most granular control
- the way this supposedly works is that you can deny access to specific items and the deny overrides the default allow behaviour
What I've done
in Folder F's Properties->Security->Advanced->Permissions->Edit I have done the following
- Unchecked "Include inheritable permissions from the object's parent"
- Checked "Replace all existing inheritable permissions on all descendents with permissions from this object"
- Denied permission to
- Create files / write data
- Create folders / append data
- Write attributes
- Write extended attributes
- Delete subfolders and files
- Delete
The resulting behaviour
This succeeds in prohibiting all modifications to the folder including its deletion.
However (and this is the whole point of my post) it still allows me to rename folder F to whatever I like. That's what I would like to solve
Thanks
Edit 2: 25 March 2013 13:15 GMT
No further replies for a couple of days. Could it be that this simply isn't possible in Vista? Possibly even Windows in general?