NT HACKS - Deleting Files

Users Without Permissions Can Delete Files at Server

MS KB Article ID: Q142017
Creation Date: 03-JAN-1996
Revision Date: 13-SEP-1996

Original Article is here: http://www.microsoft.com/kb/articles/q142/0/17.htm

The information in this article applies to:

Microsoft Windows NT Server versions 3.5, 3.51, and 4.0

SYMPTOMS

If a domain user logs on at the server console, creates a file, and then removes all permissions from the file, no one except that user should be able to manipulate or delete that file. However, another domain user can log on at the server console and delete the file, even though the user does not have permission to do so.

Example

UserA and UserB are domain users only. They have permission to log on locally, and there is a directory on the server called Testdir. Everyone has full control of the directory. UserA logs on and creates a file called My.txt in the Testdir directory. She then removes all permissions from the file. A message appears to tell her that because she removed all permissions, no one except her will be able to do anything with the file.

UserA logs off and UserB logs on. He sees My.txt in the Testdir directory. All the security options in File Manager are greyed out with regard to My.txt. He is unable to change permissions on the file or take ownership of the file. This is expected behavior. If he tries to rename the file, open it in Notepad, or type it out at a prompt, he gets an Access Denied message. However, he can delete the file with no problem.

STATUS

Microsoft has confirmed this to be a problem in Windows NT version 3.51. We are researching this problem and will post new information here in the Microsoft Knowledge Base as it becomes available.

THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.