Actually, it's not like that, it's like this:
https://mskb.pkisolutions.com/kb/152763
Quote:
Windows NT supports a hidden permission called File Delete Child (FDC) on NTFS volumes. Users who have full control permission on a volume or directory also have the FDC permission. This permission allows a user to delete files at the root level of the directory where they have full control, even if they do not have any permissions on the specific file itself.
Quote:
I have found another difference.
Symbolic Link - Link's permissions only affect delete/rename operations on the link itself, read/write access (to the target) is governed by the target's permissions
Junction - Junction's permissions affect enumeration, revoking permissions on the junction will deny file listing through that junction, even if the target folder has more permissive ACLs
Instead of a junction, make a symlink, deny access: "Everyone", "Full control", "This folder, subfolders and files", and then change the owner to a non-admin and non-user.
And now repeat that, only with an ordinary folder.
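
An added example, not part of the post or of the quoted KB article: a PowerShell check that lists which ACEs on a file's parent directory grant File Delete Child, then tries a delete against a file carrying a deny-all ACE and reports the outcome. The function name `Get-DeleteChildGrant` and the temp-directory demo are constructed for illustration; run it as a regular user in a scratch location.

```powershell
# Added example: audit a parent directory for FILE_DELETE_CHILD grants.
# .NET exposes that right as FileSystemRights.DeleteSubdirectoriesAndFiles.
function Get-DeleteChildGrant {
    param([Parameter(Mandatory)][string]$Path)

    $fdc    = [int][System.Security.AccessControl.FileSystemRights]::DeleteSubdirectoriesAndFiles
    $inhOnly = [int][System.Security.AccessControl.PropagationFlags]::InheritOnly
    # Derive the parent from the path string, so no access to the file is needed.
    $parent = [System.IO.Path]::GetDirectoryName([System.IO.Path]::GetFullPath($Path))

    (Get-Acl -LiteralPath $parent).Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        (([int]$_.FileSystemRights -band $fdc) -ne 0) -and
        # Inherit-only ACEs do not apply to the directory itself, so skip them.
        (([int]$_.PropagationFlags -band $inhOnly) -eq 0)
    } | Select-Object @{n='Directory';e={$parent}}, IdentityReference,
                      FileSystemRights, IsInherited
}

# --- Constructed demo in a scratch directory ---
$dir  = Join-Path $env:TEMP ("fdc-demo-" + [guid]::NewGuid())
$file = Join-Path $dir 'locked.txt'
New-Item -ItemType Directory -Path $dir | Out-Null
Set-Content -LiteralPath $file -Value 'constructed sample'

# Deny Everyone (well-known SID S-1-1-0) full control on the file itself.
icacls $file /deny '*S-1-1-0:F' | Out-Null

# Which principals hold File Delete Child on the parent?
Get-DeleteChildGrant -Path $file | Format-Table -AutoSize

# Attempt the delete and report what actually happened on this system.
try   { [System.IO.File]::Delete($file) }
catch { Write-Host "Delete failed: $($_.Exception.Message)" }
Write-Host ("File still present: " + [System.IO.File]::Exists($file))

# Cleanup: the owner can reset the ACL if the file survived.
if ([System.IO.File]::Exists($file)) { icacls $file /reset | Out-Null }
Remove-Item -LiteralPath $dir -Recurse -Force
```

To repeat the comparison from the post, apply the same deny ACE to a symlink's own ACL with `icacls <link> /deny '*S-1-1-0:(OI)(CI)F' /L` (`/L` makes icacls act on the link rather than its target) and run the same audit against the link's parent.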