Users keep moving directories.  Can I lock them down while still leaving full access to files?

Posted on 2006-04-08
Last Modified: 2010-04-18
I've gone in circles over this for a while, here's the background:

Small accounting firm (20 users at most)
Windows Server 2003 system acting as mostly a file system
Programs are installed and loaded on local drives, and grab data off the server

We have a directory called G:\Clients\ in which all documents reside

An example file would be G:\Clients\Business\Spacely Sprockets\2005\Engagement Letter.doc
Another example file would be G:\Clients\Trusts\Edward Jones\2004\Accountants Report.pdf

Users need to be able to access and have full rights to these documents.  What's happening more and more though, is people are moving entire directories around or deleting them.

Say they want to delete that Engagement Letter.doc above.  For some reason they highlight all the client directories at Spacely Sprockets through Z and "accidentally" drag them to something like G:\Tax32\install\wksetup\

I would just make it so they can't delete files, but Office makes .tmp files when you open a file.  So when they go to close it, and Office deletes that .tmp file, it won't let them because of the no delete permission.  And various other software we use works the same way.

I really need to be able to lock down directories, while still retaining the rights to modify files.  I've tried setting a policy that disallows deleting folders, but accessing files.  Well under that condition they can still do as in the example above, all the files are moved to G:\Tax32\install\wksetup\     The directories under G:\Clients\Business\S through Z are still there, but now all empty.  So yeah, didn't let them delete after the move, but didn't solve the problem :(

I've got to be missing some easy solution to this, or a better way of doing it.  I can't just tell them to quit doing it, and can't deny permission to do things like delete files since the main culprit is a boss.  

Even if I have to revamp how we handle documents and stuff, that's fine.  I just need a way to keep people from moving everything around.
Question by:Dingo321
    LVL 6

    Expert Comment

    have a look at this

    you can also audit folders so you can see who is deleting the folders ect
    LVL 2

    Accepted Solution

    What I would be doing is granting everyone "read" access on the higher level folder only, so they can at least get in to it, and then allowing full access down lower.  This will prevent them deleting/moving entire folders.

    It's a bit more work for you, but will solve the problem.  I use that system at times myself and it works.  Where it becomes a problem (well not really a problem) is when users require a new folder you will need to create it and assign permissions if it's in the higher level in the tree.

    I hope I made sense!  Ask more if you need to.
    LVL 2

    Expert Comment

    Thanks...I was wondering what happened to this one!

    Author Comment

    Yes I know, first post and already broke the rules :(

    We have been swamped at work and have not been able to attempt to fix this yet.  Still having problems...but hopefully can get to this in a few days.  

    LVL 39

    Expert Comment

    Hi Dingo321,

    Dont be freaked out by the administrative orange colour, you are not in trouble!

    Closing and managing their own questions is something that everyone has to learn, the fact that you came back and explained your position helps a lot.

    I will recommend that this question be left open, but if there is no activity for 21 days, it will be back in the queue for closure.

    Thanks, and good luck

    EE Cleanup Volunteer

    Featured Post

    How to run any project with ease

    Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
    - Combine task lists, docs, spreadsheets, and chat in one
    - View and edit from mobile/offline
    - Cut down on emails

    Join & Write a Comment

    I guess it is not common knowledge to most Wintel engineers/administrators: If you have an SNMP-based monitoring system in your environment (and it's common to have SNMP or Syslog) it's reasonably easy to enable monitoring of the Windows Event logs,…
    A quick step-by-step overview of installing and configuring Carbonite Server Backup.
    Need more eyes on your posted question? Go ahead and follow the quick steps in this video to learn how to Request Attention to your question. *Log into your Experts Exchange account *Find the question you want to Request Attention for *Go to the e…
    To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

    729 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    22 Experts available now in Live!

    Get 1:1 Help Now