windows - Setting Writable Permission only for Administrators inside PROGRAM_DATA folder -

i've been experimenting lot of headaches implementing behavior permission in windows 7.

i have following directory structure (inside program_data):

• c:\programdata\foo\
  • c:\programdata\foo\test1\
  • c:\programdata\foo\test2\

the root folder has permission everyone. , shall because can write new files @ level of foo folder.

the test1 folder has permission everyone.

the test2 must have following rule: folders/files must writable administrators, , can read. rule shall applicable test2 folder itself.

now, everyting works well, except case:

everyone can rename test2 folder. of course, favor can renamed it, create new folder it's same name , on (an attack).

is there solution? maybe strange combination of permissions?