It is possible to lock Admin out of being able to delete files and
I had to search Google Groups to find this message (after seeing a response
to it) - strange. Also - it seems this message from "Thee Chicago Wolf
(MVP)" is set for no archival... "Note: The author of this message
requested that it not be archived. This message will be removed from Groups
in 6 days (Mar 24, 7:55 am)."
Yup, it's called X-No-Archive.
http://groups.google.com/group/micr..._frm/thread/e7b6faa891cb5050/43cfcde4bfedaf12
However - all that being pointed out now - I must ask "Thee Chicago Wolf
(MVP)" how one can lock-down the ability of a computer administrator of a
workstation from erasing files/folders off said workstation and making it
stick (making it so the administrator of said workstation cannot get around
said restrictions?) I am genuinely curious, perhaps there is a method I do
not know about.
Well, let's not inject what the OP didn't ask to do. The OP wanted to
know if it was possible to lock out the Admin from deleting a file or
folder. And yes, it can be done.
1. Log in as the Admin.
2. Create a folder, let's just do it on C:\ and call it Test
3. Right click it, do Properties, then Advanced, click the Security
Tab (you did disable Simple File Sharing, right? ;-)), click Advanced
again, uncheck "Inherit from Parent...", click Remove, click Apply,
click Yes, click OK twice.
See if you can delete the folder, Admin. See if you can Shift+Delete
the folder. Nope, you can't.
How about some more fun?
1. Right click the Test folder, do Properties, then Advanced, click
the Security Tab, click Advanced again, check on "Inherit from
Parent...", click Apply, click Yes, click OK twice. All the original
inherited permissions are back so Admin has full control again, right?
2. Copy a couple of small files into the folder.
3. Right-click all the files, do Properties, then Advanced, click the
Security Tab, click Advanced again, uncheck "Inherit from Parent...",
click Remove, click Apply, click Yes, click OK twice.
Can you delete them? Nope. But ah-ha, you CAN Shift+Delete them
because the folder's inheritance will trump whatever the file
permissions have been set to unless you *explicitly* deny inheritance
for the Administrator to delete files and folders.
So yes, something you apparently don't know about. ;-)
- Thee Chicago Wolf (MVP)
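
The state produced by the first procedure in the post above (inheritance switched off, every entry removed) can be found with a script. This is an added example, not part of the original thread: it assumes PowerShell 3.0 or later and a Windows version that ships `icacls`, and the function name `Find-EmptyDacl` and the scratch folder are made up for the illustration.

```powershell
# Report items under $Root whose DACL is protected from inheritance and has no entries,
# plus items whose ACL cannot be read at all by the current account.
function Find-EmptyDacl {
    param([Parameter(Mandatory)][string]$Root)
    Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $item = $_
            try {
                $acl = Get-Acl -LiteralPath $item.FullName -ErrorAction Stop
                if ($acl.AreAccessRulesProtected -and @($acl.Access).Count -eq 0) {
                    [pscustomobject]@{
                        Path    = $item.FullName
                        Finding = 'InheritanceOffEmptyDacl'
                        Owner   = $acl.Owner
                    }
                }
            } catch {
                # Get-Acl failed, typically because the caller is neither the owner
                # nor granted "Read Permissions" on the item.
                [pscustomobject]@{
                    Path    = $item.FullName
                    Finding = 'AclUnreadable'
                    Owner   = $null
                }
            }
        }
}

# Constructed sample: a scratch folder standing in for C:\Test from the post.
$root = Join-Path $env:TEMP ('acl-demo-' + [guid]::NewGuid().ToString('N'))
$test = Join-Path $root 'Test'
New-Item -ItemType Directory -Path $test | Out-Null

# Same effect as unchecking "Inherit from Parent..." and clicking Remove.
icacls $test /inheritance:r | Out-Null

Find-EmptyDacl -Root $root | Format-Table -AutoSize

# The owner of an object keeps the implicit right to read and rewrite its DACL,
# so the account that created the folder can turn inheritance back on and clean up.
icacls $test /inheritance:e | Out-Null
Remove-Item -LiteralPath $root -Recurse -Force
```

Pointing `Find-EmptyDacl` at a real data directory is read-only; only the scratch-folder lines below the function change any permissions.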