Solved

ACL Access

Posted on 2004-03-24
Last Modified: 2010-04-19
We have a Windows 2003 file server (also DC). Users connect to a data share on the server. The share permissions are set to "Full Control" for all users. The security permissions for the file system are set with special permissions for users:
Traverse Folder
List Folder
Read Attributes
Read Extended Attributes
Read Permissions

These equate to a "List Folder Contents" ACL in the main ACL screen.

Below the shared folder are a number of departmental folders e.g. Finance, Purchasing etc.

What we are trying to achieve is that people have all access to their relevant folder (controlled via departmental group access) but cannot delete any files. The main reason for this is that a Finance user could inadvertently (?) select the finance folder within the share and delete the entire contents. We can restrict the folder from deletion but that will still allow the contents to be removed before failing at the folder level.

We can deny the delete access by removing the "Delete" and "Delete subfolders and files" permissions from the special permissions section. However, if we do that, users cannot rename files or save them under a different name. Removing the "Delete" permission also removes the "Modify" permission!!

Is there a way to achieve both goals, i.e. prevent file deletion but still allow users the flexibility of renaming or performing a "Save as" for files?

Question by:johndawsonbooth
1 Comment
 

Accepted Solution

by:
JamesDS earned 1200 total points
ID: 10670445
Sorry but no:

A rename action is effectively the same as copy to a new filename and delete the original.
Anything that allows a modify must also allow a delete, as a user could simply open the file and empty the contents.

As an alternative I suggest you look at the volume shadow copy service to protect accidentally deleted files/folders and/or perhaps an enterprise undelete tool as offered by many vendors.

Cheers

JamesDS
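
The access-mask arithmetic behind the question and the accepted answer, as an added PowerShell example that is not part of the original thread: "Modify" is a composite right that contains the Delete bit, so clearing Delete leaves an ACE that no longer equals Modify, while the remaining WriteData bit still lets a user empty a file. The candidate ACE labels and the `Test-Right` helper are constructed for this illustration, and the rename check models only the DELETE right needed on the file being renamed.

```powershell
# Added illustration: bit arithmetic on FileSystemRights only.
# No ACL on disk is read or changed.
$R = [System.Security.AccessControl.FileSystemRights]

# Hypothetical helper: true when $Mask carries every bit of $Needed.
function Test-Right([int]$Mask, [int]$Needed) { ($Mask -band $Needed) -eq $Needed }

# The two special permissions the question removes.
$deleteBits = [int]$R::Delete -bor [int]$R::DeleteSubdirectoriesAndFiles

# Candidate ACEs for a departmental group (labels constructed for this example).
$candidates = [ordered]@{
    'Modify'                     = [int]$R::Modify
    'Modify minus delete rights' = [int]$R::Modify -band (-bnot $deleteBits)
    'Read & Execute'             = [int]$R::ReadAndExecute
}

$report = foreach ($name in $candidates.Keys) {
    $mask = $candidates[$name]
    [pscustomobject]@{
        ACE            = $name
        Mask           = '0x{0:X}' -f $mask
        # The basic "Modify" box is a composite; it needs every Modify bit.
        ModifyComplete = Test-Right $mask ([int]$R::Modify)
        # Deleting or renaming a file needs DELETE on that file
        # (rename also needs add-file rights on the target folder, not modelled).
        DeleteOrRename = Test-Right $mask ([int]$R::Delete)
        # Overwriting or truncating contents needs only WriteData.
        EmptyContents  = Test-Right $mask ([int]$R::WriteData)
    }
}

$report | Format-Table -AutoSize
```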