NTFS Permissions - deny delete does not work

Solution 1:

You have to take into account that deleting/renaming a file is actually a write operation on the parent folder which is a special "file" that contains the list of children (files or subfolders). As such to prevent deleting a file, you need to remove the write permission on the parent folder.

See KB 308419 for an explanation:

The Delete permission allows or denies the user from deleting the file or folder. If you do not have a Delete permission on a file or folder, you can delete the file or folder if you are granted Delete Subfolders and Files permissions on the parent folder.

Solution 2:

To properly deny access to delete from the parent folder only and allow deleting from the subfolders you have to set two sets of permissions for the user/group.

  1. Allow read write modify. This is important: keep "delete subfolder and files" checked off but uncheck "DELETE". I have found that if a user has permission for "delete", any deny permissions will not work! This should be applied to this folder, subfolders, and files.

  2. DENY the user delete and "delete subfolders and files" and apply to this folder only.

I spent a lot of time figuring this out and it works!
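The two-ACE setup from Solution 2 written out in PowerShell, as an added example that is not part of either answer; the folder path C:\Shares\Reports and the group CONTOSO\ReportUsers are assumptions. The final Get-Acl call is the check that the Deny entry landed on the folder only and is not inherited by children.

```powershell
# Added example (not from the original answers). Assumed values:
$folder  = 'C:\Shares\Reports'        # assumption: existing folder
$account = 'CONTOSO\ReportUsers'      # assumption: group to restrict

$acl = Get-Acl -Path $folder

# ACE 1: Modify with the DELETE bit removed, plus "Delete subfolders and files",
# applied to this folder, subfolders and files (ContainerInherit + ObjectInherit).
$rights1 = ([System.Security.AccessControl.FileSystemRights]::Modify -bxor
            [System.Security.AccessControl.FileSystemRights]::Delete) -bor
           [System.Security.AccessControl.FileSystemRights]::DeleteSubdirectoriesAndFiles
$allow = New-Object System.Security.AccessControl.FileSystemAccessRule(
    $account, $rights1,
    ([System.Security.AccessControl.InheritanceFlags]::ContainerInherit -bor
     [System.Security.AccessControl.InheritanceFlags]::ObjectInherit),
    [System.Security.AccessControl.PropagationFlags]::None,
    [System.Security.AccessControl.AccessControlType]::Allow)
$acl.AddAccessRule($allow)

# ACE 2: DENY Delete and "Delete subfolders and files" on this folder only
# (no inheritance flags, so the entry does not propagate to children).
$rights2 = [System.Security.AccessControl.FileSystemRights]::Delete -bor
           [System.Security.AccessControl.FileSystemRights]::DeleteSubdirectoriesAndFiles
$deny = New-Object System.Security.AccessControl.FileSystemAccessRule(
    $account, $rights2,
    [System.Security.AccessControl.InheritanceFlags]::None,
    [System.Security.AccessControl.PropagationFlags]::None,
    [System.Security.AccessControl.AccessControlType]::Deny)
$acl.AddAccessRule($deny)

Set-Acl -Path $folder -AclObject $acl

# Check: show the group's ACEs; the Deny row should have InheritanceFlags = None
# and the Allow row ContainerInherit, ObjectInherit.
(Get-Acl -Path $folder).Access |
    Where-Object { $_.IdentityReference -eq $account } |
    Select-Object AccessControlType, FileSystemRights, InheritanceFlags, PropagationFlags
```

Run it from an elevated prompt as an account that holds Full Control (or ownership) of the folder, since Set-Acl rewrites the DACL.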