Hmm, it seems, that it doesn't always work like expected. I tried to secure a large directory with photos, but some of the items remain unprotected. If i apply it to the main folder first, is it supposed to work for all items, including files & all subfolders? Strangely, many folders were protected, others were not.
Another suggestion, if this is possible: the script could maybe show some notification, when all items were processed. Especially with a really large number of files.
If you lock the main folder, all subfolders should be locked as well. If you can (security-wise) run "icacls.exe " on one of your problem-folders and paste the results here, that should help us to reveal what's wrong.
This is what i get:
VORDEFINIERT\Administratoren:(I)(F)
VORDEFINIERT\Administratoren:(I)(OI)(CI)(IO)(F)
NT-AUTORITÄT\SYSTEM:(I)(F)
NT-AUTORITÄT\SYSTEM:(I)(OI)(CI)(IO)(F)
NT-AUTORITÄT\Authentifizierte Benutzer:(I)(M)
NT-AUTORITÄT\Authentifizierte Benutzer:(I)(OI)(CI)(IO)(M)
VORDEFINIERT\Benutzer:(I)(RX)
VORDEFINIERT\Benutzer:(I)(OI)(CI)(IO)(GR,GE)Mhh, there's an entry missing at the top, so it is indeed not locked currently.
Everyone:(DENY)(D,DC)
If you lock that folder directy, does it make a difference, is it locked then? Maybe run the command to lock the folder in a CMD prompt and watch out for errors. I'm curious to why it would not work for you, it worked for me and others flawlessly for quite some time.
ICacls.exe /deny *S-1-1-0:(DE,DC) /T /C /Q
[quote="tbone"]Mhh, there's an entry missing at the top, so it is indeed not locked currently.
Everyone:(DENY)(D,DC)[/quote]
I've run your code below, & indeed i have that entry now, Everyone:(DENY)(D,DC). But nevertheless i was able to delete an image in one of the subfolders. So, to avoid any misunderstanding, i have applied that command using cmd on the main folder, which contains hundreds of subfolders, which again contain a lot more folders each. Not sure, what is happening.
There is some error message, saying "1 file successfully processed, an error occured with 0 files" (translated). Maybe that's a hint?
[quote]I'm curious to why it would not work for you, it worked for me and others flawlessly for quite some time.
ICacls.exe /deny *S-1-1-0:(DE,DC) /T /C /Q[/quote]
I have to test it with other folders. I once had troubles with some folders, where i played around with permissions. Although i think, it was on another drive.
Some more info: as i just checked with the NTFS Permissions Tool, all entries have the green tag, indicating the "allowed" state for the current user, after i ran the LockOn command.
I don't think so. ICalc.exe seems to always show that "an error occured with.." message, but as long as the counter is "0" things should be fine. Maybe try this MSDOS Batch button seperatly, it runs icalc.exe without the /Q quiet-switch which gives some more details on the items it's acting on.
@nodeselect
@leavedoswindowopen
//deny delete and folder delete permission for [everyone] recursivly
ICacls.exe {filepath$|noterm} /deny *S-1-1-0:(DE,DC) /T /C
Wondered what this "NTFS Permission Tool" (NPT) is, so I tried! o)
NPT shows green/allowed for the locked files and folders here as well, but that's quite ok, since you can read and write, you just can't delete items anymore in Locked state. Don't know what to think of NPT yet, these "allow, deny, read-only" buttons do not work here as expected This is how the security settings look for a locked folder in NPT for me. For files it's the same, just without the "delete files and subfolders" entry, since it's not a folder.
Once i screwed up some folder, when i tried to achieve the goal that your script is intended for, protecting important files from accidental deletion, by playing around with the permissions in Windows itself. So that tool helped me to get rid of those completely messed up settings, finally, after things went wrong. I knew, that it was risky, so i'm only talking about certain folders i was experimenting with, for which i had backups, just in case. After that experience i didn't try again, until i found your lock on/off scripts.
Hmmm this was working for me... now it isn't ...
getting
D:\New Test Everyone:(OI)(CI)(DENY)(D,DC)
Seems like everything is correct permissions, is there something else in the OS that can override this... Sharing permissions are secondary to Security permissions right... ?
UPDATE
So I see that this is working in windows explorer but not in Opus, must be some setting, the permissions alert pops up in explorer, but nothing in Opus, just deletes the folder... don't know what the story is...
To aid visibility of this...
properties SETCOLOR= Red // for when locked (You need to make a red folder label in settings.)
properties SETCOLOR = !reset // when back to normal
UPDATE2
Needed to insert the @admin modifier into the functions and also think I forgot to swich one of them to MSdos batch function.
So needed to test with @leavedoswindowopen to see what was happening. I also restarted my machine and the permissions seem to be working in Opus...
I know this is an old and dead horse but sorry, I came after the party. What is the final word on that topic and how to make it work?
It still works, for me at least! o)
Important thing to remember (as is explained in the root post), to lock/unlock single items, the parent folder must have been locked as well. If you lock a folder, all the files within will be locked automatically.
I am not sure what the actual formula is after all that was discussed in the topic; I am entirely new to this... the button described further in the thread works for me but I don't know how to create its opposite, the unlock button.
Also... I just realized this won't work on a NAS 
You just need to copy the most upper two code snippets into clipboard and while DO is in customize mode, paste each snippet onto any toolbar. The buttons should appear and after quiting customize mode, they should be functional as is. The code further down this thread was more or less problem analysis for @abr, the initial code for these two buttons never changed and is what I use up to now.
It might work fine on a NAS, did you try? There are NAS' out there using NTFS, but I'm really not sure whether NTFS also means support for this access control list (ACL) thing or whether it's tied to windows operating system somehow.
Both code snippets lack the first line
<?xml version="1.0"?>
which makes pasting them a bit difficult 
(That's fixed now. --Leo)
Ah now I managed to paste... I can confirm that these button do exactly what they are supposed to do as long as it's about files on the pc's direct hd's. However, on a Synology DS216SE localized on the local network, it doesn't work.
I have not read it in depth but this says Synology support ACL permissions in DSM 5.0:
I don't know if they respect the same APIs that Windows/ICacls.exe use or if you have to change permissions via the device's own software.
I also don't know if DSM will understand the "well-known SIDs" -- like S-1-1-0 meaning "Everyone" -- which the commands in the root post use, or if it only works with individual user names.
Hi there, I never really got this to work due to Admin rights on my work PC. (calling icacls.exe ) As I do all my file management on Opus, as a more light weight solution here is a suggestion. It's not complete as I haven't scripted much in Opus due to the extensive built in commands. In theory seems to work fine. I would add back in a dialog box listing the 'locked' folders that couldn't be deleted.
1.Script a hotkey to make a folder 'locked'. Just colourize the folder RED for example and edit the comment metadata = "lock"
2.Overwrite all delete hotkeys/buttons to have a script that won't delete the folder if it finds comment metadata = "lock"; See example below. I had previously been using a long delete command using @ifpath = something - @confirm deletion, which worked really well, but is getting too long.
@script jscript
//this would replace the delete functions and hotkeys.
// main script entry point. clickData is a ClickData object
function OnClick(clickData) {
// create an enumerator object that will let us easily enumerate the files in the current tab.
// clickData.func is a Func object
// func.sourcetab is a Tab object
// sourcetab.files is a collection of Item objects
enumFiles = new Enumerator(clickData.func.sourcetab.selected);
enumFiles.moveFirst();
clickData.func.command.ClearFiles();//clear
//--------------------------------------------------------------------------------
// enumerate the files in the tab
while (enumFiles.atEnd() == false) {
var itm = enumFiles.item();
var comment = itm.metadata.other.usercomment;
if(comment!=="lock"){
clickData.func.command.AddFile(itm);
}
enumFiles.moveNext();
}
//--------------------------------------------------------------------------------
//Now only delete unlocked items...
clickData.func.command.RunCommand("delete");
}
Mhh.. your idea is light weight, yes. o)
The LockOn/Off is meant to work from everywhere, not just in DO. Most people also use cmd, powershell, scripts, explorer, app-x, app-z and weird other things to handle files and folders. Your idea of totally reconfiguring all the DO buttons, menus (and commands?) to prevent deletion of specific items does not seem to be a good idea! o)
That said, I actually did a similar thing. Whenever I delete/move a folder in DO which is less then x subfolders away from the root-folder, I get an extra confirmation step because the higher the folder, the more data in it. BUT: DO is not the same after you screwed with all menus, buttons, hotkeys, clipboard commands etc.. I cannot recommend, don't do it! It's for science only! o)
Yes I understand, I would describe it as 'extremely Lightweight'. It's not something to share as a button for others but in my case with restricted workflows it will be a simple solution. It's simply to prevent accidental deleting with my own hotkeys in Opus.
Thanks!
Assuming, that you have separate backups of your very important files (to be really safe), you could also try this code from lxp. It will give you one extra warning, before deleting stuff. You can configure it to be applied on specific folders.
// https://resource.dopus.com/t/i-need-some-help-with-my-delete-button-code/35295
function OnClick(clickData) {
var cmd = clickData.func.command;
var tab = clickData.func.sourcetab;
var dlg = clickData.func.Dlg();
cmd.deselect = false;
var dangerousFolders = /D:|E:\\Example|F:|G:\\etc
var isDangerous = dangerousFolders.test(String(tab.path));
if (isDangerous) {
cmd.RunCommand('Play FILE="/windows\\Media\\Windows Notify System Generic.wav" QUIET');
var deleteMessage = 'Files to be deleted:\n';
var k = cmd.files.count;
if (k > 100) {
deleteMessage += '\n... very very many: ' + k + ' files.\n\nWatch out!';
} else {
for (var e = new Enumerator(cmd.files); !e.atEnd(); e.moveNext()) {
deleteMessage += '\n' + e.item();
}
}
if (dlg.Request(deleteMessage) == 1) {
cmd.RunCommand('Delete REMOVECOLLECTION=auto');
}
} else {
cmd.RunCommand('Delete REMOVECOLLECTION=auto SHIFT RECYCLE');
}
}