Windows – How to restrict deletion of a folder on NTFS share, but still allow modify access within folder

directory, ntfs, share, windows

I am setting up a set of scan folders from a scanning copier device, and would like to know the best way to protect the folders (for each department) from moving or deletion, but yet still allow access for the users to modify (i.e. create/add/delete) the scanned files within the folder.

Structure is:
Share Name > Departmental Folder > User files

The writing of the files initially is taken care of by a service account which has full control. We'd just like to ensure the users cannot accidentally delete the folder (which has already happened) containing all the files, etc.

This is for a Windows 2003 server, NTFS permissions.

Suggestions would be most appreciated.

Best Answer

This can be done by modifying the advanced security permissions of the folder and making sure that the users do not have the "Delete Subfolders and Files" and "Delete" permissions. The following rights should work:

  • Traverse Folder/Execute File
  • List Folder/Read Data
  • Read Attributes
  • Read Extended Attributes
  • Create Files/Write Data
  • Create Folders/Append Data
  • Write Attributes
  • Write Extended Attributes
  • Read Permissions

Here is a useful article: http://www.windowsecurity.com/articles/Understanding-Windows-NTFS-Permissions.html
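
One way to script the permissions described in the answer, as an added example that is not part of the original answer. It goes one step beyond the listed rights: they are applied to the departmental folder itself only, and a second inherit-only Modify entry covers the contents so users can still delete scanned files, as the question asks. `$Folder` and `$Group` are hypothetical placeholders.

```powershell
# Added example. $Folder and $Group are placeholders, not values from the post.
$Folder = 'D:\Scans\Accounting'         # hypothetical departmental folder
$Group  = 'EXAMPLE\Accounting-Users'    # hypothetical group of scan users

# The nine rights from the answer, by their .NET FileSystemRights names.
# Delete and DeleteSubdirectoriesAndFiles are deliberately left out.
$folderRights = [System.Security.AccessControl.FileSystemRights](
    'Traverse, ListDirectory, ReadAttributes, ReadExtendedAttributes, ' +
    'CreateFiles, CreateDirectories, WriteAttributes, ' +
    'WriteExtendedAttributes, ReadPermissions')

# ACE 1: applies to "This folder only", so the folder cannot be deleted or moved.
$thisFolder = New-Object System.Security.AccessControl.FileSystemAccessRule `
    -ArgumentList $Group, $folderRights, 'None', 'None', 'Allow'

# ACE 2 (assumption beyond the answer): "Subfolders and files only" get Modify,
# which includes Delete on each file, so users can still remove scans.
$contents = New-Object System.Security.AccessControl.FileSystemAccessRule `
    -ArgumentList $Group, 'Modify', 'ContainerInherit, ObjectInherit', 'InheritOnly', 'Allow'

$acl = Get-Acl -Path $Folder
$acl.SetAccessRule($thisFolder)   # replaces the group's existing explicit Allow ACEs
$acl.AddAccessRule($contents)
Set-Acl -Path $Folder -AclObject $acl

# Check: list every Allow ACE that applies to the folder itself and still carries
# a delete right. The service account and administrators are expected here;
# the user group (or Everyone / Users) is not.
$deleteBits = [System.Security.AccessControl.FileSystemRights]'Delete, DeleteSubdirectoriesAndFiles'
$canDelete = (Get-Acl -Path $Folder).Access | Where-Object {
    $_.AccessControlType -eq 'Allow' -and
    $_.PropagationFlags -notmatch 'InheritOnly' -and
    ([int]($_.FileSystemRights -band $deleteBits) -ne 0)
}
$canDelete | Format-Table IdentityReference, FileSystemRights, IsInherited -AutoSize

# NTFS also allows deleting a folder when the caller holds
# "Delete Subfolders and Files" on its parent, so run the same check
# against the share root.
$parent = Split-Path -Path $Folder -Parent
(Get-Acl -Path $parent).Access | Where-Object {
    $_.AccessControlType -eq 'Allow' -and
    $_.PropagationFlags -notmatch 'InheritOnly' -and
    ([int]($_.FileSystemRights -band
        [System.Security.AccessControl.FileSystemRights]::DeleteSubdirectoriesAndFiles) -ne 0)
} | Format-Table IdentityReference, FileSystemRights, IsInherited -AutoSize
```

The check does not evaluate Deny entries or group nesting, so treat its output as a list of ACEs to review rather than a full effective-access calculation.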
