Users keep moving directories.  Can I lock them down while still leaving full access to files?

Posted on 2006-04-08
Medium Priority
Last Modified: 2010-04-18
I've gone in circles over this for a while, here's the background:

Small accounting firm (20 users at most)
Windows Server 2003 system acting as mostly a file system
Programs are installed and loaded on local drives, and grab data off the server

We have a directory called G:\Clients\ in which all documents reside

An example file would be G:\Clients\Business\Spacely Sprockets\2005\Engagement Letter.doc
Another example file would be G:\Clients\Trusts\Edward Jones\2004\Accountants Report.pdf

Users need to be able to access and have full rights to these documents.  What's happening more and more though, is people are moving entire directories around or deleting them.

Say they want to delete that Engagement Letter.doc above.  For some reason they highlight all the client directories at Spacely Sprockets through Z and "accidentally" drag them to something like G:\Tax32\install\wksetup\

I would just make it so they can't delete files, but Office makes .tmp files when you open a file.  So when they go to close it, and Office deletes that .tmp file, it won't let them because of the no delete permission.  And various other software we use works the same way.

I really need to be able to lock down directories, while still retaining the rights to modify files.  I've tried setting a policy that disallows deleting folders, but accessing files.  Well under that condition they can still do as in the example above, all the files are moved to G:\Tax32\install\wksetup\     The directories under G:\Clients\Business\S through Z are still there, but now all empty.  So yeah, didn't let them delete after the move, but didn't solve the problem :(

I've got to be missing some easy solution to this, or a better way of doing it.  I can't just tell them to quit doing it, and can't deny permission to do things like delete files since the main culprit is a boss.  

Even if I have to revamp how we handle documents and stuff, that's fine.  I just need a way to keep people from moving everything around.
Question by:Dingo321

Expert Comment

ID: 16411103
have a look at this

you can also audit folders so you can see who is deleting the folders ect

Accepted Solution

camackay earned 1000 total points
ID: 16411254
What I would be doing is granting everyone "read" access on the higher level folder only, so they can at least get in to it, and then allowing full access down lower.  This will prevent them deleting/moving entire folders.

It's a bit more work for you, but will solve the problem.  I use that system at times myself and it works.  Where it becomes a problem (well not really a problem) is when users require a new folder you will need to create it and assign permissions if it's in the higher level in the tree.

I hope I made sense!  Ask more if you need to.

Expert Comment

ID: 16829485
Thanks...I was wondering what happened to this one!

Author Comment

ID: 16832967
Yes I know, first post and already broke the rules :(

We have been swamped at work and have not been able to attempt to fix this yet.  Still having problems...but hopefully can get to this in a few days.  

LVL 39

Expert Comment

ID: 16837532
Hi Dingo321,

Dont be freaked out by the administrative orange colour, you are not in trouble!

Closing and managing their own questions is something that everyone has to learn, the fact that you came back and explained your position helps a lot.

I will recommend that this question be left open, but if there is no activity for 21 days, it will be back in the queue for closure.

Thanks, and good luck

EE Cleanup Volunteer

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I guess it is not common knowledge to most Wintel engineers/administrators: If you have an SNMP-based monitoring system in your environment (and it's common to have SNMP or Syslog) it's reasonably easy to enable monitoring of the Windows Event logs,…
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
This video shows how to quickly and easily deploy an email signature for all users in Office 365 and prevent it from being added to replies and forwards. (the resulting signature is applied on the server level in Exchange Online) The email signat…
Whether it be Exchange Server Crash Issues, Dirty Shutdown Errors or Failed to mount error, Stellar Phoenix Mailbox Exchange Recovery has always got your back. With the help of its easy to understand user interface and 3 simple steps recovery proced…

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question