Prevent deletion of a folder

By gbhall
Oct 23, 2011
Post New Reply
  1. In XP I know where to find all the properties of a folder, but there is no 'delete inhibit' flag such as I am used to seeing in a server OS.

    The consequence is it is possible to delete files and folders by accident, simply by failing to notice the wrong place is holding the focus.

    No, the files ard folders are not in the recycle bin, because (in this case) it is a temporary folder with files waiting to be archived or otherwise dealt with, and I habitually hold down the shift key when deleting from this folder. They are truly gone.....

    It would save me embarassing myself if I at least got a warning before deleting an entire tree.
  2. ravisunny2

    ravisunny2 TS Ambassador Posts: 1,980   +11

  3. tweakboy

    tweakboy TS Guru Posts: 467

    My cousin had your issue lunchbox I mean lockbox did the trick. thx gl,
  4. gbhall

    gbhall TechSpot Chancellor Topic Starter Posts: 2,425   +77

    I've failed to find any lockbox application for windows other than a secure transfer methodology. It is also mentioned in post#2, which gives a link implying that it is a form of password protection i.e. prevents access at all without the password. Not as simple as just a 'not deletable' flag, and possibly not quite suitable, but I will give it a try.

    Meanwhile, do you have any additional pointers as to how it would fit my need ?

    Thanks to both
  5. ravisunny2

    ravisunny2 TS Ambassador Posts: 1,980   +11

    gbhall, the second part of my post was to consider overriding the standard Delete option of windows.

    That involves a modification of the Registry.

    If you are the only person who uses the pc, you could write your own application that can handle File/Folder deletion in a customized fashion.
  6. jobeard

    jobeard TS Ambassador Posts: 9,342   +622

    I'm sure you know that the Delete property can be uniquely set in the Security options for both the Folder and/or Files. Create, Modify would still be allowed.
  7. ravisunny2

    ravisunny2 TS Ambassador Posts: 1,980   +11

    No I didn't, jobeard, as I never needed to use it.

    I assumed that gbhall had explored all possibilities.

  8. gbhall

    gbhall TechSpot Chancellor Topic Starter Posts: 2,425   +77

    I found under the folder properties, security tab, advanced options, there are various users, and there are an abbreviated list of permissions, none of which is 'delete'.

    There are complex interactions between these permissions, such that for example click deny for 'full control' switches them all to 'deny' and so on.

    There is yet another 'advanced' button on there such that you still see the users, but can edit the permissions with a longer list of permissions, one of which is delete

    But again there are odd interactions with other permissions, and I can find no way to simply set a folder not deletable, let alone with the contents still deletable. It is possible to set delete as 'deny' but it has no effect whatever, despite 'deny overrules allow' (yeah!!??)

    The whole thing seems to have been designed by Einstein in one of his crazier moments, is not remotely usable, and I give up totally on trying to set a property which is a simple single click in (say) Novell. If someone claims that with various on/off settings, plus other switches, it is possible to do that, I am prepared to believe it, but life is too short to work out how to do it.
  9. jobeard

    jobeard TS Ambassador Posts: 9,342   +622

    right-click on folder->Properties->Security

    in the top have are a list of users, the bottom have shows the perms for the user selected above.

    to enforce what you want, you need first to add the <Everyone> user

    then for that user;
    click the Advanced button near the bottom half
    you get another window Adv Security Settings with the list of users :)sigh:)

    select the Everyone name
    click Edit

    click FULL control and then DENY delete.

    I would then uncheck in the Allow column
    {Read,change} Perms and Take Ownership

    click ok and then

    [x] the inherit box

    Yes; this is difficult! BTW: setting <everyone> deny delete includes the owner of the folder too!!! ie everyone means exactly that; everyone

    NoW if you can create a GROUP and put specific users into it, then use the GROUP name instead of the <everyone> and then the Owner/Admin will not be so restricted.
  10. gbhall

    gbhall TechSpot Chancellor Topic Starter Posts: 2,425   +77

    Jobeard - since I followed your instructions and created a user Everyone, it still does not prevent delete by me (Admin user). I guess the user Everyone is not connected to any system object - it is just a user like 'JoeBloggs'. Maybe there is some secret process to ensure that myself, as a user, inherits the rights of Everyone (OS object). Can you spot what I am doing wrong? Is it omitting the <> around Everyone?
  11. jobeard

    jobeard TS Ambassador Posts: 9,342   +622

    my my. I reported what I read on the issue of using DENY privileges.
    The warning was you could create a situation where conflicts across Names would be resolved in favor of the DENY[a].

    The DENY Delete should be applied to the FOLDER & Contents.
    From the Advanced Button ->second popup
    you can see the headings
    Type, Name Perm, Inherited From​
    The last column for <everyone> should read <not inherited>
    When I edit everyone and [x] deny delete, I get a popup (when clicking APPLY)
    that states [a].
  12. gbhall

    gbhall TechSpot Chancellor Topic Starter Posts: 2,425   +77

    Puzzle upon puzzle - that is exactly what I see....delete is denied, inherit reads <not inherited> but I can still delete the folder. I also did the same for myself as a user, and myself as an administrator - all exactly the same. At no time did I get the popup you mention though. What a crock of <opinion deleted>

    Jobeard, thank you for your efforts, but I still don't get it.

    Lockbox, on the other hand, I've tried that, and it makes the folder invisible. Can't be much more <undeletable> than that, but once the password is used to unlock it, it is just as deletable as before. So not real answer yet.
  13. jobeard

    jobeard TS Ambassador Posts: 9,342   +622

    sheez; sorry for the waste of time. There are times I just HATE MS!
  14. ravisunny2

    ravisunny2 TS Ambassador Posts: 1,980   +11

    gbhall, as mentioned above, you could modify the Right-Click Context Menu.

    Also, if you are the only person who uses the pc, you could write your own application that can handle File/Folder deletion in a customized fashion.
  15. gbhall

    gbhall TechSpot Chancellor Topic Starter Posts: 2,425   +77

    I bow to your expertise in the possibility of rolling my own right-click menu. It would of course have to only apply to selected directories, and would have to inherit downwards without affecting contained files.

    Quite a requirement perhaps? On top of which, I might be a very expert programmer in one language (visual foxpro), and less expert in several other languages, but not at all in C++ or windows scripting and don't know or care anything about Windows internal calls and procedures. Sorry, just not practical I suspect.
  16. jobeard

    jobeard TS Ambassador Posts: 9,342   +622

    hmm; for a single user system, I would think that good user practice would not encounter this problem, and if done accidentally, a backup plan would be sufficient.

    For a multi-user system or for file-shares that need all user r/w and still disallow delete, the programming solution has a practical problem: How to inhibit the existing delete capability for ALL USERS and enforce the use of this special purpose program?
  17. gbhall

    gbhall TechSpot Chancellor Topic Starter Posts: 2,425   +77

    Jobeard - your point about good user practice and how did anyone as long-term as myself manage to do that? Accidents happen to all of us.....I have a very regular multi-level backup, but not (until now) including certain folders, because they are purely working folders and never contain significant data (except for possibly a day or so, during which (sod's law) I had the careless accident :dead:)

    It has been a learning experience on several levels, and only reinforces what one knows, but does not fully attend to - that no matter how good a system or how experienced a user, accidents happen. I've seen it, done it, and the important thing to do is try to imagine every conceivable eventuality when you design a system for long-term security. That seems easy, but it ain't.

    Good example the other day at work. A drive filled (600Gb !!) My own application detected the problem but could not write an error message about it (drive was full :D) so I had to re-write the error routines to signal to another place.

    Problem down to MS (when is it not ?) and their poor systems that fill 5000 % of the space required by the actual data just with logs. Damme! you don't even know it, although to be fair, you do get warnings from the server when down to about 6Gb spare, but you can't be expected to guess that will fill in a couple of days....well, 3 years data on the previous system occupies less than that !!

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...