New to the forum, hope this isn't a repost.

I'm a SysAdmin for a Windows 2003 Server platform. I want the users - who are all within a domain group - to be able to create a new folder with underlying subfolders/files, then have them set permissions such that underlying subfolders/files can be added/deleted/modified, but the new folder itself cannot be deleted by the domain group (including the originator).

This seemed like it should be simple - after removing permission inheritance (copying the inherited permissions), edit the domain group permission entry to set 'deny delete - this folder only'. However, this doesn't work - the users can still delete not only the underlying stuff, but the new folder as well.

I've tried about every combination of permission settings possible, and just can't get the desired result. Is what I'm trying to do even possible? Does anybody know why 'deny delete' has no apparent effect? Any suggestions on what might work?