The Delphix Engine updates each database and log file ACL to include a deny-delete "access control entry" (ACE) for the user account running the SQL Server instance.

You can still drop VDBs directly through SQL Server tools. However, a warning message will be displayed, and the files will remain on the volume that the Delphix Engine exports. This file deletion prevention also applies to attempts to remove files from a database using the ALTER DATABASE .. REMOVE FILE command.

If a VDB is inadvertently dropped, you can reattach the database using SQL Server tools.

If you attempt to delete a database or log file and then try to add a file of the same name, this may fail because the original file was prevented from being deleted by the deny-delete ACE.

If you intend to delete the files from the volume that the Delphix Engine provides, you can change the ACLs on the files using the icacls command:

icacls <file> /remove <SQL Server instance account>:deny(D)

Accounts other than the SQL Server instance account will not be prevented from deleting the VDB database and log files.