Can you make a user unable to delete?

[mike6623]

Is there a way to set permissions so that the user can read, write, execute, move, etc, all of that and NOT be able to delete? If so, how?

 

[strollin]

As far as I know, no. The ability to delete comes with the permission to write so the only way to prevent a user from deleting would be to only give read permission.

 

[MilesAhead]

An easy way to limit the user may be to enable the Guest account and make the person use that. As soon as they log off all changes are erased. Any data they want to save has to be written to their USB stick like using the Public Library PCs.

Of course they might not like you much afterwards.

 

[Alejandro85]

To some extent it can be done for any file or folder you want to protect, but with a few caveats.
Move is fundamentally a copy + deleting the original, so if you deny delete automatically deny move (but can still copy).
Writing to a file and modifying it can be nearly equal to deleting. If a user is able to modify a file, he can always remove the whole content, leaving a 0 bytes file. Technically not deleted, but still useless in practice.

In file properties, go to security tab, then advanced options, then open the user in the list and modify its permissions. Just deny the "delete" option in the list below.
Of course, the user should not be administrator, or have ownership or full control over that file, otherwise he can just lift the block himself.

 

[Pyprohly]

As far as I know, no. The ability to delete comes with the permission to write so the only way to prevent a user from deleting would be to only give read permission.

Untrue. While slightly complex, NTFS permissions allow for implementing some the most precise access rules any OS out there has to offer.

Move is fundamentally a copy + deleting the original, so if you deny delete automatically you deny move (but can still copy).

Tested and approved. If you can't delete a file, it's safe to say you can't move it either.

Writing to a file and modifying it can be nearly equal to deleting. If a user is able to modify a file, he can always remove the whole content, leaving a 0 bytes file. Technically not deleted, but still useless in practice.

Agreed. If you can write to a file, you virtually have the ability to delete it by erasing the file’s content. A file with Delete permissions denied but lacking Write deny is something you’d rarely find.

What's the point in a user being denied only delete permissions to a file if they can overwrite it?

In file properties, go to security tab, then advanced options, then open the user in the list and modify its permissions. Just deny the "delete" option in the list below.

Just denying the Delete permission on a file is not enough to prevent a user from deleting the file. For the Delete permission to become effective, two permission changes must be done: along with denying the Delete permission on the file, the file’s parent folder must also have the Delete Subfolders and Files permission denied.

Denying a user from deleting an item requires one to change a permission on that item as well as a permission on a folder above it. I’m not entirely sure why the NTFS Delete permission is unintuitive like this, but my understanding is that a delete operation is an operation performed on a folder, not the actual file.