NTFS Permissions: How to Allow Creation of Files But Not Subfolders

What if you allow users to add files to a given folder but not subfolders? It’s easy! Just take care of a single NTFS Permission. Here I’ll show you how.

What are NTFS Permissions?

NTFS (New Technology File System) permissions is a proprietary feature in the Windows operating system that allows users to set different levels of security privileges accorded to the shared files and folders.

How to set NTFS Permissions to allow for creation of files but not of subfolders

With NTFS permissions, you can setup different security settings to suit your intentions. In this article, we are going to talk about how to set the permissions to allow for the creation of files but not subfolders.

Here is the procedure you can follow.

  • Right click on the folder you intend to modify its permissions.
  • Navigate to “Properties”.

  • On the window that pops up, click on the “Security” tab
  • Select the group or the user names you intend to change its permissions
  • If you want to create another group or user name, click the “Edit” button.

  • On the window that pops up, click the “Add” button.

  • Then, enter the appropriate name on the provided text area and click “Check Names”, then “OK”.

  • The name will appear on the access control list, where you can select it and adjust its permissions.

  • Next, under the “Security” tab, click the “Advanced” button.

  • On the window that pops up, click “Change Permissions”

  • Then, click the “Edit” button.

  • Ensure that the “Apply to:” section selects “This folder, subfolders and files”.

  • Next click on “Show Advanced Permissions”.

  • Thereafter, ensure the permissions for “Create files / write data” are set, and the permissions for “Create folders/append data” are not set.

  • Depending on your preferences, you can choose to either check or uncheck the other permissions settings.
  • If satisfied with the settings click “OK”, and apply the settings.
  • And this is how settings of special permissions looks like:

This way, you’ll have allowed users to create files but not subfolders on the shared folder.

It’s that simple!

Overview of Advanced NTFS Permissions

Now, let’s run through the various advanced NTFS permissions options.

  • Full control: just as the name implies, this permission level permits users to enjoy the full privileges to read, move, and delete items on the folder as well as other subfolders. Therefore, in this case, to avoid users creating subfolders on the folder, it is not allowed.
  • Traverse folder / execute file: this permission level permits users to navigate through folders to reach other files or folders as well as run executable files, even though they may lack sufficient permissions for the traversed files or folders.
  • List folder / read data: this permission level permits users to view as well as list the items present in the specified folder.Read attributes: this permission level permits users to view the attributes associated with the folder. Examples include “ready-only” attribute and “hidden” attribute.
  • Read extended attributes: this permission level permits users to read the extended attributes associated with the folder, as defined by the specific program.
  • Create files / write data: just like the name suggests, this permission level allows users to create files within the specified folder as well as add or remove the file’s content. In this case, to allow creation of files, this option is checked.
  • Create folders / append data: this permission level permits users to create subfolders within the folder as well as make changes to the end of the file without modifying the existing content. Therefore, in this case, to avoid users creating subfolders on the folder, it is not allowed.
  • Write attributes: this permission level permits users to change the attributes associated with the folder. Examples include “ready-only” attribute and “hidden” attribute.
  • Write extended attributes: this permission level permits users to change the extended attributes associated with the folder, as defined by the specific program.
  • Delete subfolders and files: this permission level permits users to delete subfolders and files, even if Delete privileges are disallowed on the subfolder or file.
  • Delete: this permission level permits users to delete the specified file or folder. If you do not have this privilege on a file or folder, and the permission on Delete subfolders and files is permitted on the parent folder, you can still carry out the delete action.
  • Read permissions: this permission level permits users to read permissions on a file or folder; for example, Read permissions and Write permissions.
  • Change permissions: this permission level permits users to alter permissions on the file or folder; for example, Read permissions and Write permissions.
  • Take ownership: this permission level permits users to take ownership of the file or folder, and make any desired changes.

Conclusion

If you want to set NTFS permissions to allow for the creation of files and not subfolders, the two critical advanced NTFS permissions you should take care of are “Create files / write data” and “Create folders / append data”. Also, you can set the other permissions depending on your preferences.

 

 

Do you have unclear NTFS Permissions assignments?
Do you have too many special permissions set on your fileservers?
Or blocked NTFS Permission Inheritance?

Protect yourself and your clients against security leaks and get your free trial of the easiest and fastest NTFS Permission Reporter now!

0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *