I have a Windows 2003 Small Buisness Server with about 15 computers that are running Windows XP Pro SP3. On one computer I have a 1TB Drive that the users share folders on, now I want to protect those files on that drive from accidental deletion. So I want them to be able to create, copy, modify and delete files on that drive but I don't want them to be able to delete folders or sub-folders but they can create folders/sub-folders. I tried doing this with NTFS permissions and when I try to delete the folder it won't let me delete the folder but all the files in that folder get deleted and that's a problem. If the user accidentally tried to deleted the root folder all the files will be deleted and all I will have is a folder with a a lot of sub-folders. Is there a way to do this with Group Policy? I have tried searching the web and reading Windows Small Business Server 2003 R2 but I can't find a clear answer on how to do it and none of the options I've found in the Group Policy Editor seem to relate to my issue. These are the permission settings that I have set in the root folder: User: Authenticated Users; Apply to: This Folder, subfolders and files; Deny: Change Permissions, Take Ownership User: Authenticated Users; Apply to: This Folder, subfolders; Deny: Delete Subfolders and Files, Delete User: Authenticated Users; Apply to: Files Only; Allow: Traverse Folder/Execute File, List Folder/Read Data, Read Attributes, Create Files/Write Data, Create Folders/Append Data, Delete, Read Permissions User: Authenticated Users; Apply to: This Folder and Subfolders; Allow: List Folder/Read Data, Create Files/Write Data, Create Folders/Append Data, Read Permissions User: Administrator; Apply to: This Folder, subfolders and files; Allow: Full Control All of these settings are propagate through out the directory.

Not sure I'd do it with group policy. Might be better off with ntfs permissions. Be sure you use inherit. See http://support.microsoft.com/kb/313398 Also you may have group issues that are difficult to determine. Might have to use RSOP to get a better view of permissions if this is a complex setup. Playing to the angels Les Paul (1915-2009)