My OS is Windows 7 Ultimate. I've noticed that non-admin users of my PC can delete files that are created by admin user. How can I prevent non-admin users from deleting/modifying files NOT CREATED by that user?
I know how to use the Security tab of a file/folder's properties dialog box. Using that tab, only a single file/folder and its subfolders can be configured so that a particular user/group of user may not modify it. I'd like to know a way by which all non-admin users will be unable to modify files that are not created by them.
Thanks in advance.
Best Answer
In Windows a file generally gets its ACL from the folder in which it is created. If the folder allows non-owners of files to delete them, then they can even if the owner is an administrator.
As you note you can change this for a file, a folder or a folder tree.
To change for all folders you need to first identify which folder trees you want to change (e.g. you shouldn't start changing permissions of
C:\Users,C:\Windows, ... and other system folders).Then for each of these you need to modify the ACL. This can be done in code or script (e.g. PowerShell), but needs more time to write up than I have now (if you just want to copy one ACL to another folder you can
get-aclon the first and thenset-aclon the other).However I would suggest you consider why you want to do this. If a user needs to create files that only they can delete the best route is to create a folder, with specific ACL, for that purpose. Not to make some global change so the administrator doesn't have to think.