Is it possible to set group permission on a folder at a Windows server so that a file can be created, populated and closed, BUT not changed or deleted after that?
NTFS – How to Set NTFS Permissions for WORM-like Behavior
Best Answer
You can set permissions to allow this, but you're probably going to find that you're not happy with the result. (I have yet to ever configure this for a Customer who has requested it and not had to go change it a few days later.)
In particular, some programs (Microsoft Word is a good example) assume that they can write files under one name, then rename them after writing. Other programs create the file, close the file, then re-open it for writing again. When such a program tries to write to a directory with permissions like you describe, you'll find that things break.
If you're just going to copy files into such a directory, you might have better luck.
Let's assume that you want "Authenticated Users" to be able to do this. You'll need to use the "Advanced" ACL editor to add the last permission:
This will allow "Authenticated Users" to create new files, but they won't be able to modify files they just created. (Obviously, members of SYSTEM and Administrators will be able to manipulate these files.)
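One way to script an ACL of the kind this answer describes, as an added PowerShell example; it is not the answer author's own permission list, which is not reproduced on this page. The folder path `D:\Archive` is a placeholder, and the specific rights chosen, including the extra OWNER RIGHTS entry that goes beyond the answer, are assumptions.

```powershell
# Added example: WORM-like "drop box" ACL. The path and the chosen rights are assumptions.
$path = 'D:\Archive'    # placeholder folder; it must already exist

# Well-known SIDs, so the script does not depend on localized account names.
$system      = [System.Security.Principal.SecurityIdentifier]'S-1-5-18'      # SYSTEM
$admins      = [System.Security.Principal.SecurityIdentifier]'S-1-5-32-544'  # Administrators
$authUsers   = [System.Security.Principal.SecurityIdentifier]'S-1-5-11'      # Authenticated Users
$ownerRights = [System.Security.Principal.SecurityIdentifier]'S-1-3-4'       # OWNER RIGHTS

$all  = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$dirs = [System.Security.AccessControl.InheritanceFlags]::ContainerInherit

function New-Ace {
    param(
        [System.Security.Principal.IdentityReference]$Sid,
        [System.Security.AccessControl.FileSystemRights]$Rights,
        [System.Security.AccessControl.InheritanceFlags]$Inherit
    )
    New-Object System.Security.AccessControl.FileSystemAccessRule(
        $Sid, $Rights, $Inherit,
        [System.Security.AccessControl.PropagationFlags]::None,
        [System.Security.AccessControl.AccessControlType]::Allow)
}

$acl = Get-Acl -LiteralPath $path
$acl.SetAccessRuleProtection($true, $false)    # stop inheriting; drop inherited ACEs
foreach ($rule in @($acl.Access)) {            # drop the existing explicit ACEs as well
    $acl.PurgeAccessRules($rule.IdentityReference)
}

# SYSTEM and Administrators keep full control of the folder and everything in it.
$acl.AddAccessRule((New-Ace $system 'FullControl' $all))
$acl.AddAccessRule((New-Ace $admins 'FullControl' $all))
# Everyone else can list, traverse and read folders and files ...
$acl.AddAccessRule((New-Ace $authUsers 'ReadAndExecute' $all))
# ... and create entries in folders. This ACE is not inherited by files
# (no ObjectInherit), so a file carries no write or delete right once its
# creating handle has been closed.
$acl.AddAccessRule((New-Ace $authUsers 'CreateFiles, CreateDirectories' $dirs))
# Assumption beyond the answer: without an OWNER RIGHTS ACE, a file's creator
# (its owner) implicitly keeps the right to rewrite the file's permissions.
$acl.AddAccessRule((New-Ace $ownerRights 'ReadAndExecute' $all))

Set-Acl -LiteralPath $path -AclObject $acl

# Read the result back for review.
(Get-Acl -LiteralPath $path).Access |
    Format-Table IdentityReference, FileSystemRights, InheritanceFlags, IsInherited -AutoSize
```

Run it from an elevated session as a member of Administrators, and test it with the actual applications that will write to the folder before relying on it.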