
I'm trying to use icacls to prevent file deletion. I tried `icacls /deny Everyone:D`, `icacls /deny users:D` and `icacls /deny administrator:D`, but this prevents me from accessing the file and I can't execute it. I then tried `de` instead of `d`, but in this case I'm still able to delete the file.

user123456
  • If a user is granted delete-child (DC) access for a directory, it overrides delete (DE) access for an individual file in the directory. Also, all generic and simple rights (GR, GW, GE, GA, F, M, R, RX, W, D) include the right to open a file with synchronous access (S), which is almost always required by the Windows API. So if you deny a generic or simple right, you're effectively denying all normal access to the file. You should only ever use a deny ACE with standard (DE, RC, WDAC, WO, S) and specific rights (DC, RA, WA, REA, WEA, RD, WD, AD, X). – Eryk Sun Jan 29 '18 at 20:52
  • What do you mean with a "directory"? Do you mean the whole directory to the root (C or D or E ...)? – user123456 Jan 30 '18 at 20:16
  • Only the immediate parent directory is checked for delete-child access. There's actually a code sample of this check in the file-system driver design guide for the case of checking for [delete access when renaming a file](https://learn.microsoft.com/en-us/windows-hardware/drivers/ifs/irp-mj-set-information3) in an `IRP_MJ_SET_INFORMATION` request. A file system that supports security (e.g. NTFS, not FAT32) does an access check for `DELETE` access on the target, and if that's not granted, it checks the parent directory for `FILE_DELETE_CHILD` access. – Eryk Sun Jan 30 '18 at 21:06
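
The check described in the comments above, as a simplified model added here (not part of the original thread and not Windows' own code): it walks a DACL in order and shows why denying `D` blocks opening the file, why denying only `DE` leaves deletion possible, and why denying `DE` on the file plus `DC` on the immediate parent stops deletion while the file stays usable. The user `alice`, the constructed DACLs and the bits assumed for a normal open are assumptions.

```python
# Access-mask bits from the Windows SDK (winnt.h).
FILE_READ_DATA    = 0x0001
FILE_EXECUTE      = 0x0020
FILE_DELETE_CHILD = 0x0040      # icacls "DC"
DELETE            = 0x00010000  # icacls "DE"
SYNCHRONIZE       = 0x00100000  # icacls "S"
FILE_ALL_ACCESS   = 0x001F01FF  # icacls "F"
SIMPLE_D = DELETE | SYNCHRONIZE  # icacls "D"; per the comment above it includes S

def access_check(dacl, sids, desired):
    """Walk ACEs in order: a matching deny ACE that covers any still-needed
    bit fails the request; matching allow ACEs clear the bits they grant."""
    remaining = desired
    for kind, sid, mask in dacl:
        if sid not in sids:
            continue
        if kind == "deny" and mask & remaining:
            return False
        if kind == "allow":
            remaining &= ~mask
        if remaining == 0:
            return True
    return remaining == 0

def can_open(file_dacl, sids):
    # Assumption: a normal read/execute open asks for these bits plus SYNCHRONIZE.
    return access_check(file_dacl, sids, FILE_READ_DATA | FILE_EXECUTE | SYNCHRONIZE)

def can_delete(file_dacl, parent_dacl, sids):
    # DELETE on the file, or else FILE_DELETE_CHILD on the immediate parent.
    return (access_check(file_dacl, sids, DELETE)
            or access_check(parent_dacl, sids, FILE_DELETE_CHILD))

ME = {"Everyone", "alice"}                  # constructed token for a hypothetical user
FULL = ("allow", "alice", FILE_ALL_ACCESS)  # constructed ACE: alice has full control

def scenario(file_deny, parent_deny=None):
    """Return (can_open, can_delete) with deny ACEs for Everyone placed first."""
    file_dacl = [("deny", "Everyone", file_deny), FULL]
    parent_dacl = ([("deny", "Everyone", parent_deny)] if parent_deny else []) + [FULL]
    return can_open(file_dacl, ME), can_delete(file_dacl, parent_dacl, ME)

if __name__ == "__main__":
    print("deny D on file: can open =", scenario(SIMPLE_D)[0])
    print("deny DE on file: (open, delete) =", scenario(DELETE))
    print("deny DE on file + DC on parent: (open, delete) =",
          scenario(DELETE, FILE_DELETE_CHILD))
```

In icacls terms the last scenario corresponds to a `/deny Everyone:(DE)` entry on the file and a `/deny Everyone:(DC)` entry on its parent directory.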

0 Answers