Stop standard users from messing with your stuff
Looking for a way to prevent a file from being deleted in Windows XP, Vista, or 7? This can be a bit tricky in Windows since you have to delve into user permissions and file permissions.
If you have a shared folder that is accessible to computers on the network, then you also have to deal with share permissions in addition to NTFS permissions. In this post, I will walk you through the steps for preventing deletion of files.
Prevent File Deletion
If you want to prevent a single file from being deleted on your local machine, follow the steps below.
1. First, right-click on the file and choose Properties. You should be presented with a dialog box with several tabs. One of the tabs will be named Security.
If you do not see a Security tab, you may have to disable simple file sharing. You can read my previous post on how to turn off simple file sharing in order to set permissions on individual files and folders.
2. Next, click the Advanced button at the bottom of the security tab.
3. Now uncheck the “Inherit from parent the permission entries that apply to child objects” box.
A new dialog will pop up asking if you want to copy or remove the parent permissions. Go ahead and choose Copy, as this will allow us to work with the current permissions and modify them to our liking. In newer versions of Windows 7, the option has changed to Add.
4. Now in the Permission Entries list box, you should remove any user or group that you do not want to have access to the file. If you want users to be able to read the file, modify the file, but simply not delete the file, click the user and click on Edit.
5. On the dialog box that pops up, you can now control each individual permission for that file or folder. This includes Traverse Folder, Create Files, Delete, Read Permissions, Change Permissions, etc.
6. Note that you can uncheck certain items from the Allow column and it will prevent the user from reading or modifying the file. However, even if you uncheck the Delete permission, the user will still be able to delete the file.
The only way to prevent file deletion is to not give read permissions and explicitly deny Delete permission. That means you can simply uncheck read permissions in the Allow column and check the Deny box for Delete. Unfortunately, once you give read permissions to a file, the user will be able to delete it.
You can play around with the various permissions to control the file or folder exactly as you desire. You can basically prevent file renaming, file deletion, file modification and more. Note that this only makes sense if the user account you are trying to restrict is a standard user. If they are an administrator, then they could very easily go to the same dialog as you and give themselves the appropriate permissions back. Enjoy!