Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

SETUP: File Delete Child directory permission in NTFS


View products that this article applies to.

This article was previously published under Q152763

↑ Back to the top


Summary

Windows NT supports a hidden permission called File Delete Child (FDC) on NTFS volumes. Users who have full control permission on a volume or directory also have the FDC permission. This permission allows a user to delete files at the root level of the directory where they have full control, even if they do not have any permissions on the specific file itself.

↑ Back to the top


More information

The FDC permission only gives the user the right to delete files at the root level of the directory in which they have full control rights, they cannot delete sub directories, or files nested within sub directories. The FDC permission is based on the concept that if a user owns a directory, they should be able to delete files within that directory, even if they do not have specific permissions for every file.

If an administrator does not wish to grant a user the FDC permission, the administrator can use the special permissions option and grant the user every permission except full control.

This permission was created to maintain POSIX compliance. It is equivalent to the UNIX directory write permission. The behavior of this permission cannot be changed in the User Interface or through the registry.

The following example illustrates the use of the FDC permission. Listed below are the default permissions of both root directory of drive C and the Windows NT system root directory, normally C:\Winnt.

   Everyone    Full Control ( All ) ( All )
				


In this case, everyone has full control of this directory, and can delete any file at the root level of either directory. If the guest account was enabled, even a guest could delete a file, regardless of any special permissions the file itself may have.

For example, suppose you add the file MyFile.txt to the root of drive C. You then set the permissions to:

     Administrators     Full Control ( All )
				


The Everyone group is removed. If you log on to the computer as an ordinary user, you can see the file, but not open it. You can however delete the file.

To deny delete Permission to the Everyone group

If you wish to deny the Everyone group the right to delete files, do not remove the Everyone group from the root directory. If this is done, the System and Administrators will not have access to the system files and it may not be possible to log on when the system restarts. For more information, please see the following article in the Microsoft Knowledge Base:

For more information, click the following article number to view the article in the Microsoft Knowledge Base:
109076� Removing permissions to an NTFS partition may prevent startup


To prevent the Everyone group from being able to delete files in the root directory, assign Read, Write, and Execute (RWX) privileges through Special Directory Access. It is also necessary to explicitly provide the system with full control. The root directory permissions should now be displayed as the following:

   Administrators    Full Control    ( All )( All )
   Everyone          Special Access  ( RWX )( RWX )
   SYSTEM            Full Control    ( All )( All )
				


↑ Back to the top


Keywords: KB152763

↑ Back to the top

Article Info
Article ID : 152763
Revision : 5
Created on : 2/21/2007
Published on : 2/21/2007
Exists online : False
Views : 171