+ Reply to Thread
Results 1 to 12 of 12
  1. Senior Member
    Join Date
    Jan 2003
    Location
    Cincinnati, OH.
    Posts
    330

    Certifications
    A+, Network+, MCP - Windows XP, MCSA - Windows Server 2003, MCTS - Exchange Server 2007
    #1

    Default delete vs. delete subfolders & files

    I thought I understood this, but when I got a question on a practice test for 70-290 I got it wrong.

    Users w/ modify permissions do not have the "delete subfolders and files" permission, but have the "delete" permissoin.

    Why is it that when I log on w/ a user acct that has Modify permission for a folder, I can delete everything?

    What is the difference?
    What would be the advantage of having the "delete subfolders and files" permission?
    Reply With Quote Quote  


  2. Login/register to remove this advertisement.
  3. Senior Member
    Join Date
    Sep 2005
    Posts
    592

    Certifications
    A+ Network+ MCP, MCSA
    #2
    on my network when I go into a folder and look at the permissions I have a user woh has modify when I click on Advanced

    then double click the user to see the advanced permssions I cna se "Delete subfolders" is not selected.


    do you see the same thing?

    I think what mgiht have happed is if you created the subfolder with that user... that user became the Creator owner of the folder so that qwould allow them ot deletye the subfolder since they're effectively that oflders admin.

    try creating a folder and then a subfolder with the admin account... giving a user modify then go in and see if the user is allowed to delete the folder.

    I tihkn it might be a creator owner issue though.
    Reply With Quote Quote  

  4. Senior Member
    Join Date
    Jan 2003
    Location
    Cincinnati, OH.
    Posts
    330

    Certifications
    A+, Network+, MCP - Windows XP, MCSA - Windows Server 2003, MCTS - Exchange Server 2007
    #3
    Quote Originally Posted by Smallguy
    on my network when I go into a folder and look at the permissions I have a user woh has modify when I click on Advanced

    then double click the user to see the advanced permssions I cna se "Delete subfolders" is not selected.


    do you see the same thing?

    I think what mgiht have happed is if you created the subfolder with that user... that user became the Creator owner of the folder so that qwould allow them ot deletye the subfolder since they're effectively that oflders admin.

    try creating a folder and then a subfolder with the admin account... giving a user modify then go in and see if the user is allowed to delete the folder.

    I tihkn it might be a creator owner issue though.

    Yes. I actually did all of the above. I created a folder and file structure w/ the admin account and logged on as a user with Modify. I was able to delete anything and everything.

    I just don't see the difference between the two permissons.
    Reply With Quote Quote  

  5. Senior Member
    Join Date
    May 2003
    Location
    United Kingdom, London
    Posts
    597

    Certifications
    A+, Network+, MCDST, MCSA 2000, studying for CCNA.
    #4
    Standard File and Folder Permissions
    --------------------------------------------
    Read(R) - View attributes, contents, and permissions. Can synchronize.
    Write(W) - Can change attributes, and file contents. Can create files or folders. Can synchronize.
    Read(R) and Execute(E) - Can change sub folders, perform read operations, and execute a file.
    List Folder Contents - Can perfrom read and execute permissions on folders. Can view folder contents, attributes, permissions. Can synchronize and change to subfolders.
    Modify - Perform Read, Execute, and Write permissions along with ability to delete.
    Full Control - Can perform Modify functions (above), take ownership, and modify permissions.
    Permissions assigned to directories are inherited (default) by all files and subdirectories that are contained in the directory. The inheritance option, selected by default, may be deselected. Each file or directory has an Access Control List (ACL). To set permissions for additional users or groups, they are added to the ACL of the file or directory. Windows Explorer or the Cacls command line utility can be used to set permissions.

    Special File and Folder Permissions
    --------------------------------------------
    On the file or folder properties dialog, click the "Security" tab and the "Advanced" button to assign special file or folder permissions.

    Traverse Folder/Execute File - .
    List Folder/Read Data - .
    Read Attributes - The user can read the attributes (archive, compress, hidden, etc.) of the file, but not read the contents of the file.
    Read Extended Attributes - .
    Create Files/Write Data - .
    Create Folders/Append Data - .
    Write Attributes - .
    Write Extended Attributes - .
    Delete Subfolders and Files - .
    Delete - The user can delete the file.
    Read Permissions - The user can read the file.
    Change Permissions - Lets the user change permissions for the file, but not view or change the contents of the file.
    Take Ownership - The user can take ownership of the file, but can't give it back.

    These permissions can be applied to directories, files, and subdirectories with one of the following selections:

    This folder, subfolders and files
    This folder only
    This folder and subfolders
    This folder and files
    Subfolders and files only
    Subfolders only
    Files only
    Reply With Quote Quote  

  6. Senior Member
    Join Date
    Jan 2003
    Location
    Cincinnati, OH.
    Posts
    330

    Certifications
    A+, Network+, MCP - Windows XP, MCSA - Windows Server 2003, MCTS - Exchange Server 2007
    #5
    I appreciate your help D-Boy but I'm not sure what you are trying to tell me with that.
    Reply With Quote Quote  

  7. Senior Member
    Join Date
    May 2003
    Location
    United Kingdom, London
    Posts
    597

    Certifications
    A+, Network+, MCDST, MCSA 2000, studying for CCNA.
    #6
    Ok sorry let me clear this up...

    NTFS file and folder permissions for the most part are a sufficient way to secure your resources on a network. Where they do not provide the level of granularity required, you can use Special Access Permissions.

    **Delete Subfolders and Files**

    This allows or denies the deleting of files and subfolder within the parent folder. It also true that if this permission is assigned files and subfolders can be deleted even if the Delete special access permission has not been granted.

    **Delete**

    This allows or denies the deleting of files and folders. If the user does not have this permission assigned but does have the Delete Subfolders and Files permission, she can still delete.
    Reply With Quote Quote  

  8. Senior Member
    Join Date
    Jan 2003
    Location
    Cincinnati, OH.
    Posts
    330

    Certifications
    A+, Network+, MCP - Windows XP, MCSA - Windows Server 2003, MCTS - Exchange Server 2007
    #7
    Quote Originally Posted by D-boy
    Delete Subfolders and Files

    Allows or denies deleting subfolders and files, even if the Delete permission has not been granted on the subfolder or file. (applies to folders)
    Honestly, I appreciate your help but I don't think you read my post.
    I understand what technet says, but if you read my post you would see that even with the "delete" permisson which is granted through modify, I can delete subfolders and files. I am struggling with the difference here.
    Reply With Quote Quote  

  9. Senior Member
    Join Date
    May 2003
    Location
    United Kingdom, London
    Posts
    597

    Certifications
    A+, Network+, MCDST, MCSA 2000, studying for CCNA.
    #8
    Quote Originally Posted by w^rl0rd
    Quote Originally Posted by D-boy
    Delete Subfolders and Files

    Allows or denies deleting subfolders and files, even if the Delete permission has not been granted on the subfolder or file. (applies to folders)
    Honestly, I appreciate your help but I don't think you read my post.
    I understand what technet says, but if you read my post you would see that even with the "delete" permisson which is granted through modify, I can delete subfolders and files. I am struggling with the difference here.
    Sorry read my post again I made some edit's.....
    Reply With Quote Quote  

  10. Senior Member
    Join Date
    Jan 2003
    Location
    Cincinnati, OH.
    Posts
    330

    Certifications
    A+, Network+, MCP - Windows XP, MCSA - Windows Server 2003, MCTS - Exchange Server 2007
    #9
    I guess what I dont get is this:

    If the delete permission is granted to a user for the parent folder, won't it be inherited by the child folders making them deletable as well? How would that be any different than the delete subfolders and files permission?
    Reply With Quote Quote  

  11. Senior Member
    Join Date
    May 2003
    Location
    United Kingdom, London
    Posts
    597

    Certifications
    A+, Network+, MCDST, MCSA 2000, studying for CCNA.
    #10
    Did you set the **Delete** permission to "Deny"? You can Allow or Deny a Special Permission.
    Reply With Quote Quote  

  12. mikej412's caddy sprkymrk's Avatar
    Join Date
    Feb 2006
    Location
    Charleston, SC
    Posts
    4,976

    Certifications
    MCP (NT4 Server), MCSA 2000, MCSA 2003, CCNA, Security+, Network+
    #11
    This is going nowhere fast, or so it seems.

    Okay, maybe looking at it a little different will help. When you give a user or group "Modify" permission to a directory, by default inheritance will also give them "Modify" to all folders and files below. So unless you turned off inheritance, they also have the "delete" on every folder and file below as well because they have "Modify", which includes "delete". They don't need the "delete subfolders" permission, because inheritance gave them Modify all the way down.

    If you have "Modify" on folder "Alpha", then someone creates a subfolder called "Beta", guess what? It doesn't matter that Modify doesn't allow you to "delete subfolders" explicitly, because you now also have "Modify" on the "Beta" folder, you have the right to "delete" it. And so on down with folders "Charlie", "Delta", and "Echo", etc.


    Edit:
    Also, not sure if this helps, but keep in mind that "Modify" permission is just shy of "Full Control". The differences being that with Modify you cannot "Take Ownership", and you cannot change the permissions. Everything else is fair game.
    Reply With Quote Quote  

  13. mikej412's caddy sprkymrk's Avatar
    Join Date
    Feb 2006
    Location
    Charleston, SC
    Posts
    4,976

    Certifications
    MCP (NT4 Server), MCSA 2000, MCSA 2003, CCNA, Security+, Network+
    #12
    Quote Originally Posted by w^rl0rd
    I guess what I dont get is this:

    If the delete permission is granted to a user for the parent folder, won't it be inherited by the child folders making them deletable as well? How would that be any different than the delete subfolders and files permission?
    The difference there is only apparent when you turn off inheritance. Otherwise you're right, it's the same thing.
    Reply With Quote Quote  

+ Reply to Thread

Social Networking & Bookmarks