I've gone in circles over this for a while, here's the background:
Small accounting firm (20 users at most)
Windows Server 2003 system acting as mostly a file system
Programs are installed and loaded on local drives, and grab data off the server
We have a directory called G:\Clients\ in which all documents reside
An example file would be G:\Clients\Business\Spacely Sprockets\2005\Engagement Letter.doc
Another example file would be G:\Clients\Trusts\Edward Jones\2004\Accountants Report.pdf
Users need to be able to access and have full rights to these documents. What's happening more and more though, is people are moving entire directories around or deleting them.
Say they want to delete that Engagement Letter.doc above. For some reason they highlight all the client directories at Spacely Sprockets through Z and "accidentally" drag them to something like G:\Tax32\install\wksetup\
I would just make it so they can't delete files, but Office makes .tmp files when you open a file. So when they go to close it, and Office deletes that .tmp file, it won't let them because of the no delete permission. And various other software we use works the same way.
I really need to be able to lock down directories, while still retaining the rights to modify files. I've tried setting a policy that disallows deleting folders, but accessing files. Well under that condition they can still do as in the example above, all the files are moved to G:\Tax32\install\wksetup\ The directories under G:\Clients\Business\S through Z are still there, but now all empty. So yeah, didn't let them delete after the move, but didn't solve the problem :(
I've got to be missing some easy solution to this, or a better way of doing it. I can't just tell them to quit doing it, and can't deny permission to do things like delete files since the main culprit is a boss.
Even if I have to revamp how we handle documents and stuff, that's fine. I just need a way to keep people from moving everything around.