Disabling Delete Across AD Network
Posted on 2005-04-28
I am looking at removing the Delete permission from every folder on the network, and then implementing a Delete Permission for Domain Admins only. My main question is whether this would be likely to have any effect on users. I am not sure if it would cause problems with any applications.
My aim here is to stamp out users calling our Helpdesk to say "Someone has deleted this folder and we need it back by tomorrow morning" and the folder is 5GB and the restore tapes won't be delivered for 2 hours and they tell you this at 4:30pm.
If we can stop them deleting the files and folders "Accidentally" then that's what I want to do.
Maybe another idea: create a No Delete group in AD and at root level apply an Explicit Deny on Delete Permission.
Add users to this group and we can remove them if there is a need for them to have these permissions.
Would either of these work for us?
If so which is best?
What problems could we run into?
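
One way to see what an explicit Deny on Delete does before applying it at a share root, as an added example that is not part of the original post: the script puts the ACE on a scratch folder for the current user (standing in for the proposed No Delete group) and reports which everyday file operations still work. The folder path, file names and the `Test-Operation` helper are hypothetical.

```powershell
# Added example: scratch test of an explicit Deny on Delete. Paths and names are hypothetical.
$root = Join-Path $env:TEMP 'NoDeleteTest'   # scratch folder, not a production share
# The current user stands in for the proposed "No Delete" group (assumption for the test).
$who  = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name

New-Item -ItemType Directory -Path $root -Force | Out-Null
$file = Join-Path $root 'report.txt'
Set-Content -Path $file -Value 'constructed sample data'

# Deny Delete and DeleteSubdirectoriesAndFiles, inherited by subfolders and files.
$rights  = [System.Security.AccessControl.FileSystemRights]'Delete, DeleteSubdirectoriesAndFiles'
$inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$prop    = [System.Security.AccessControl.PropagationFlags]::None
$deny    = New-Object System.Security.AccessControl.FileSystemAccessRule(
               $who, $rights, $inherit, $prop, 'Deny')

$acl = Get-Acl -Path $root
$acl.AddAccessRule($deny)
Set-Acl -Path $root -AclObject $acl

# Run one file operation and report whether the ACL allowed it.
function Test-Operation([string]$Name, [scriptblock]$Action) {
    try   { & $Action | Out-Null; "$Name : allowed" }
    catch { "$Name : blocked ($($_.Exception.GetType().Name))" }
}

# Rename is checked too, because NTFS requires the Delete right on an item to rename it.
Test-Operation 'Append to file' { Add-Content -Path $file -Value 'more' -ErrorAction Stop }
Test-Operation 'Create file'    { Set-Content -Path (Join-Path $root 'new.txt') -Value 'x' -ErrorAction Stop }
Test-Operation 'Rename file'    { Rename-Item -Path $file -NewName 'report-v2.txt' -ErrorAction Stop }
Test-Operation 'Delete file'    { Remove-Item -Path $file -ErrorAction Stop }

# Clean up: remove the Deny entry first, otherwise the scratch folder cannot be emptied.
$acl = Get-Acl -Path $root
$acl.RemoveAccessRule($deny) | Out-Null
Set-Acl -Path $root -AclObject $acl
Remove-Item -Path $root -Recurse -Force
```

Running the same four checks from a test account against a copy of a real application's data folder shows whether that application's save routine depends on rename or delete.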