Microsoft KB Archive/142017

= Microsoft Knowledge Base =

Users Without Permissions Can Delete Files at Server
Last reviewed: April 7, 1997

Article ID: Q142017

The information in this article applies to:


 * Microsoft Windows NT Server versions 3.5, 3.51, and 4.0

SYMPTOMS
If a domain user logs on at the server console, creates a file, and then removes all permissions from the file, no one except that user should be able to manipulate or delete that file. However, another domain user can log on at the server console and delete the file, even though the user does not have permission to do so.

Example
UserA and UserB are domain users only. They have permission to log on locally, and there is a directory on the server called Testdir. Everyone has full control of the directory. UserA logs on and creates a file called My.txt in the Testdir directory. She then removes all permissions from the file. A message appears to tell her that because she removed all permissions, no one except her will be able to do anything with the file.

UserA logs off and UserB logs on. He sees My.txt in the Testdir directory. All the security options in File Manager are greyed out with regard to My.txt. He is unable to change permissions on the file or take ownership of the file. This is expected behavior. If he tries to rename the file, open it in Notepad, or type it out at a prompt, he gets an Access Denied message. However, he can delete the file with no problem.

STATUS
Microsoft has confirmed this to be a problem in Windows NT version 3.51. We are researching this problem and will post new information here in the Microsoft Knowledge Base as it becomes available.