![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(73.60000000000001, 15%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVK%3C/text%3E%3C/svg%3E)
Active Directory
A set of directory-based technologies included in Windows Server.
6,644 questions
Hello Vojta,
To achieve the goal where a user can delete the contents (files and subfolders) of a parent folder but cannot delete the parent folder itself, you'll need to modify the NTFS permissions carefully. Here's a detailed step-by-step guide to configuring the permissions correctly:
- Set Permissions on the Parent Folder (Folder1)
The goal is to allow users to modify and delete items inside the parent folder, but not delete the parent folder itself. Follow these steps:
a. Right-click the Parent Folder (Folder1) and select Properties.
b. Navigate to the Security tab and click on Advanced.
c. Click on Disable inheritance and choose Convert inherited permissions into explicit permissions (this ensures you're working with explicit permissions only).
d. Under the Permissions Entries, click on Add to create a new rule for the user or group you want to set the permissions for.
e. In the new permissions dialog:
- Choose the appropriate user or group.
- Set the Type to Allow.
- In the Applies to dropdown, select This folder only.
- Check all the permissions except Delete and Delete Subfolders and Files.
This step ensures that the user cannot delete the parent folder (Folder1) but still has access to other folder operations.
- Set Permissions for Subfolders and Files
To allow the user to modify and delete files and subfolders inside the parent folder:
a. Click Add again to create a second rule for the same user or group.
b. In the new permissions dialog:
- Choose the appropriate user or group.
- Set the Type to Allow.
- In the Applies to dropdown, select Subfolders and files only.
- Grant Full control.
This ensures that the user has full control over all the files and subfolders inside the parent folder, allowing them to delete everything inside but not the parent folder itself.
- Test the Permissions
After setting the permissions:
- Try deleting files and subfolders inside Folder1 to confirm the user can delete them.
- Attempt to delete the parent folder (Folder1) itself. The user should get an "Access Denied" error, confirming they can't delete it.
Summary of Permissions:
Parent Folder (Folder1):
- Allow all permissions except Delete and Delete Subfolders and Files for the user.
- Applies to: This folder only.
- Grant **Full Control** for the user. - Applies to: **Subfolders and files only**.
This setup should achieve the desired behavior where the user can manage all contents inside the folder, but cannot delete the parent folder itself.
I hope I help.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(278.4, 92%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EYL%3C/text%3E%3C/svg%3E)