Setting Permissions on a Windows File Server Folder

Step-by-step guide to configure NTFS permissions on a Windows file server folder to allow reading and deleting files, but not adding new files or overwriting existing ones.

Goal

Grant a user group or department access to a specific folder so they can:

  • Read files
  • Delete files
  • But not add new files or overwrite existing ones

Steps

  1. Right-click the folder > Properties
  2. Go to the Security tab
  3. Click Advanced
  4. Select or add the group or user
  5. Click Edit
  6. Under “Allow”, choose the following advanced permissions:

CHECK (Allow):

  • ✔️ List folder contents / Read file data
  • ✔️ Read
  • ✔️ Delete files
  • ✔️ Read attributes and extended attributes

UNCHECK (or do not select):

  • ❌ Write to file
  • ❌ Create files / folders
  • ❌ Write attributes
  • ❌ Write extended attributes

Notes:

  • Deletion requires either the “Delete” permission on the file itself, or the “Delete subfolders and files” permission on the folder.
  • Always test with a test user or group to verify the permissions are configured correctly.
Getting Started
Powered by Nextra