Question : Assist Q. w/security: Deny Delete right on folder does not prevent deletion

I was trying to help an asker in a different thread with a programming task, quickly finding myself entangled in the intricacies of modern Windows security. Since I don't understand what's happening and it is beyond the scope of my basic knowledge of Windows NTFS Security, I decided to pop the question myself (didn't find any decisive internet resource either). Should we dub this kind of question "assist questions"?

The situation: as an administrator, you deny access for deletion of a folder to yourself.

Expected result: you cannot delete the folder anymore (according to the warning you get "Deny has higher privilege than Allow regardless of group membership")

Actual result: you can still delete the folder, no warning or "access denied" of any kind

The only way I seemed to actually be able to prevent deletion of a folder was to remove all inherited permissions, give owner rights to a non-admin and give Deny-All rights for myself. However, that worked only temporarily; it proved not to be a repeatable experiment.

Now, how hard can it be to have a "Deny all or spec. user for deletion of this folder" permission? Help is appreciated, insight into why this doesn't work the way I thought it was supposed to work is even more appreciated.

-- Abel --

PS: the related question: http://www.experts-exchange.com/Q_24466667.html
PPS: I tried this on Windows Vista Business, no idea whether it is equally non-trivial on other versions (I remember NT for being simpler at this).

Answer : Assist Q. w/security: Deny Delete right on folder does not prevent deletion

How NTFS Works (specific example relating to NTFS Deny):

http://207.46.16.252/en-us/magazine/2005.11.howitworksntfs.aspx

I have no official documentation stating that overriding Deny entries is normal behavior, but in practice when you have Administrator (God rights) to the physical box, that trumps any NTFS ACEs that are set.

The assumption is that people who are a part of the Administrators group work in IT and the rest of the users are in the local Users group.
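
An added example, not part of the original question or answer: NTFS allows a delete when the caller holds either Delete on the object itself or "Delete subfolders and files" on its parent folder, so checking only the folder's own ACL does not show the whole picture. The PowerShell below reproduces the question's setup in a scratch folder and lists the delete-related ACEs on both levels; the paths `acl-demo` and `protected` and the function name `Get-DeleteRelatedAce` are assumptions made for this example.

```powershell
# Added example. Paths are constructed for the demo; run on an NTFS volume.
$parent = Join-Path $env:TEMP 'acl-demo'      # hypothetical scratch parent folder
$child  = Join-Path $parent 'protected'       # hypothetical folder to "protect"
New-Item -ItemType Directory -Path $child -Force | Out-Null

$me = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name

# Step from the question: add an explicit Deny ACE for Delete on the folder itself.
$acl  = Get-Acl -Path $child
$deny = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule `
                   -ArgumentList $me, 'Delete', 'None', 'None', 'Deny'
$acl.AddAccessRule($deny)
Set-Acl -Path $child -AclObject $acl

# List every ACE on a path that carries Delete or DeleteSubdirectoriesAndFiles.
# FullControl includes both rights; Modify includes Delete only.
# ACEs stored purely as generic rights are not matched by this mask.
function Get-DeleteRelatedAce {
    param([Parameter(Mandatory = $true)][string]$Path)

    $mask = [int][System.Security.AccessControl.FileSystemRights]::Delete -bor
            [int][System.Security.AccessControl.FileSystemRights]::DeleteSubdirectoriesAndFiles

    (Get-Acl -Path $Path).Access |
        Where-Object { ([int]$_.FileSystemRights -band $mask) -ne 0 } |
        Select-Object @{ Name = 'Path'; Expression = { $Path } },
                      IdentityReference, AccessControlType,
                      FileSystemRights, IsInherited
}

# The child shows the new Deny/Delete ACE for the current user.
Get-DeleteRelatedAce -Path $child | Format-Table -AutoSize

# The parent shows who is allowed DeleteSubdirectoriesAndFiles (directly or
# via FullControl). Any Allow entry here that applies to the current user or
# one of their groups is a second route to deleting the child.
Get-DeleteRelatedAce -Path $parent | Format-Table -AutoSize
```

To close that second route, the parent folder would also need a Deny entry for "Delete subfolders and files" covering the same account.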
