1

To prevent myself from accidentally deleting important files, I have given some special permissions for my username to certain folders on my HDD (in fact, those directories are on a server, but let's not make things too complicated).

I have set these permissions using the normal UI that Windows 7 Pro x64 provides for that purpose. The permissions I have set are:

Permissions I have set

This works in principle. I can copy files and subfolders into that folders and can't delete them afterwards. But in fact, this is not usable due to the following oddities:

1. I can't rename files or folders. When I try, I get an "access denied" message.

This is very surprising to me because (as you can see in the screenshot) I only have denied the "Full control", the "Delete subfolders and files", the "Delete" and the "Take ownership" permissions. So I am asking myself what renaming has to do with deleting.

Is this due to a brain-dead implementation of Windows Explorer, or is it basically an API problem?

2. I can't move files or folders. When I try, I get an "access denied" message.

This is more understandable to me. After all, when moving a file, it won't be at the same place at the end of the process, so one could argue that this is a deletion. Nevertheless, I'd like to know a way around that.

3. I can't create new files or folders directly.

Well, I actually can, but this is useless. For example, when I create a new folder, it is named "New Folder", and when I try to change its name to the name I need it to be, problem 1) kicks in.

Hence my question:

Does anybody know a configuration or trick which allows me (most important first)

  • to prevent myself from deleting files or folder, but nevertheless

  • to rename files and folders

  • to move files and folders?

Mokubai
  • 89,133
  • 25
  • 207
  • 233
Binarus
  • 1,687
  • 9
  • 19
  • Could keep a backup of the important files, and not worry about accidents – Xen2050 Sep 10 '17 at 10:05
  • Of course, I am keeping backups very thoroughly (at a professional level). My problem is that I two times deleted an important file *without noticing it* (in one case, the wrong window had the focus when I hit the DEL key, and I additionally had been distracted by another person in that moment; in the other case, I accidentally chose "cut" instead of "copy" from the context menu and did not notice that the file vanished from its original location because there were thousands of files...). Since this situation will not be covered by backups, I had to do something about it. – Binarus Sep 10 '17 at 10:16
  • If the backup program showed a list of new *and deleted* files that would help... I'm sure files are not actually being copied & then deleted, but something in the permissions must be off. Tried searching for windows rename permissions? – Xen2050 Sep 10 '17 at 10:19
  • The backups are running fully automated; they are about 2 TB every day and contain several hundreds of thousands of files, where some dozens per day are deleted by intention by other users - I don't know a backup solution which could sort that out :-). Yes, and I have googled until my fingers were bleeding (but so far only for solutions which I could realize without third-party software), and I also did my own tests (tried every possible combination of the "Delete" and "Delete subfolders and files" permissions), but to no avail. – Binarus Sep 10 '17 at 10:24
  • I agree with you that files, when being renamed, will not be copied and deleted (otherwise, the time renaming takes would be dependent on the file size). Nevertheless, there must be an action involved in the process or renaming which Windows considers "deleting". – Binarus Sep 10 '17 at 10:28
  • Software recommendation requests are off-topic here, I have edited it out of your question. We prefer to solve the problem, not to just be a "software that does X" library. – Mokubai Sep 10 '17 at 10:29
  • @Mokubai Thanks for caring about that. I'd like to solve things at OS level myself. But what if the problem indeed can't be solved without additional software that I am not aware about? In that case, I would be grateful if somebody was naming it ... – Binarus Sep 10 '17 at 10:31
  • People can say "this software solves your problem", but please focus on the actual problem and not that you need some software recommended for it. If you know for a fact that it is impossible to do with the tools you have and just want a software recommendation then we have [softwarerecs.se], but keep in mind that cross-posting is not always appreciated. They also prefer a slightly more criteria based request, their guidelines are at http://meta.softwarerecs.stackexchange.com/questions/336/what-is-required-for-a-question-to-contain-enough-information – Mokubai Sep 10 '17 at 10:34
  • It strikes me that what you could do with is a separate user that has *all* the rights to the filesystem and a batch file that launches `explorer.exe` with that users rights so that you can then play around in that area when you need to. It means that normally you would be only able to write but, with the running of a batch file, you could be "admin" of that area. https://superuser.com/questions/986085/how-open-windows-explorer-as-different-user-in-windows-10 – Mokubai Sep 10 '17 at 10:39
  • @Mokubai OK, thanks for both comments. In fact, I am currently renaming / moving using another account, but this is very inconvenient. To be safe, I must not open the windows which has been started with superuser rights when I don't need it. For example, when creating a new folder, I have to open that "superuser window", then create / rename that folder, and then close that window again. I estimate that I have to do this 20 times or so during a normal working day, and I was hoping that there is a way around it. But given harrymc's answer below, I'll just continue as-is ... – Binarus Sep 10 '17 at 11:18
  • 1
    I use a program called Free File Sync which Will backup all my files from one harddrive to another. When a file is deleted on the source, instead of deleting it on the destination too, it moves the file from the destination to my "Deleted Files" location. A second script deletes files that are there for more than 31 days. This works perfectly. In fact, it will detect renaming files as actually renaming, not 1 new file and a deleted file. I've set it up to sync every 1 minute, so the backup is always up to date. I don't delete my files accidentally. I've set this up due to cryptolocker viruses. – LPChip Sep 10 '17 at 11:49

1 Answers1

2

Your problem is not with Explorer, but with Windows and the way it works.

The permissions you refer to above are permissions on the directory, not on the files themselves. This means that to rename a file, Windows needs to delete in the directory the old name and create a new one, which requires, among others, the delete permission.

Therefore, Windows does not have, and does not need, a "rename" permission, and no software product can provide it either.

You would need instead to modify how you work with these files. Perhaps by creating scripts that will do the rename while keeping backup copies. Used perhaps with runas commands on another account that has the delete permission. These scripts may even keep a history log of all operations, just in case.

harrymc
  • 455,459
  • 31
  • 526
  • 924
  • Thanks for the explanation so far. I already have feared that this is an API problem ... Indeed, I am currently connecting as another use to rename or move, but this is quite inconvenient. However, since there is no clean solution, I'll just continue as-is for the moment. – Binarus Sep 10 '17 at 11:27