[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Protecting files from being deleted but allow rename/move

Posted on 2006-05-06
15
Medium Priority
?
246 Views
Last Modified: 2013-12-04
I would like to create some kind of protection for our scanned files.

The protection should be something like this:
When a files enters the folder on our server the users should be able to move it to another folder and also be able to rename the file, but not to delete it. Is that possible. I couldn't fint out how to resolve it with NTFS permissions.

We use SBS 2003 server and XP workstations.


Best regards,

Zoodiaq
0
Comment
Question by:Zoodiaq
  • 5
  • 3
  • 2
  • +3
13 Comments
 
LVL 15

Expert Comment

by:Naser Gabaj
ID: 16622993
Greetings Zoodiaq,

Go to the folder, right click>Properties>Security>Advanced>Edit>Check every thing except delete, delete subfolder, & take ownership.

Good Luck!

Naser
0
 

Author Comment

by:Zoodiaq
ID: 16623013
Then you can't rename the file.
0
 
LVL 15

Expert Comment

by:Naser Gabaj
ID: 16623028
No, I just test it my self, you either can test it, just create a new folder, set ntfs permission, and then try and let me know
0
Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

 

Author Comment

by:Zoodiaq
ID: 16623031
I made the test.

If you haven't enabled delete/delete subfolder you can't move the file to another folder and you can't rename the file.
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 16623605
You may also want to look at this tool, it requires SP1 for 2003 be installed however: http://www.microsoft.com/downloads/details.aspx?FamilyID=04a563d9-78d9-4342-a485-b030ac442084&displaylang=en
-rich
0
 

Author Comment

by:Zoodiaq
ID: 16624601
Its a nice tool, but I'm not sure it will solve the problem.
0
 
LVL 32

Accepted Solution

by:
r-k earned 2000 total points
ID: 16625516
I don't think what you want is possible. Moving a file means deleting it's entry from the original location, then re-creating it in a new location. If you disallow the first step, then the Move becomes impossible.

There may be some 3rd-party solution that allows this in a limited way, but I am not aware of any.
0
 

Author Comment

by:Zoodiaq
ID: 16625555
I guess you are right. It's just strange because it must an issue a lot of firms has to deal with to ensure that files doesn't get deleted either by mistake or deliberate.
0
 
LVL 32

Expert Comment

by:r-k
ID: 16625571
Yes, I have always felt there should have been a feature along these lines. You may want to leave the question open for a while in case someone knows of something.

When you think about it, allowing a move/rename to an arbitrary location is virtually the same as a delete. Sometimes I am called to help a user who has moved and renamed a file and they can't remember where or when - it is as good as lost. Not unlike placing a library book in the wrong shelf.
0
 

Author Comment

by:Zoodiaq
ID: 16625581
I'm leaving it open for a while.
0
 

Expert Comment

by:pacerintl
ID: 16627841
Server 2003 offers a service called shadow copy, it's pretty simple and straight forward and east to use.  You can read up on it here....http://www.petri.co.il/how_to_use_the_shadow_copy_client.htm
0
 
LVL 15

Expert Comment

by:Naser Gabaj
ID: 16628049
Zoodiaq,

How about to make it hidden share, and then map it only on those users you want, in this case you save those important files from being shown to the others, and beside that keep doing daily backup whcih will keep a copy away in case some one deleted important file by mistake, this is my scenario.

HTH

Naser
0
 
LVL 3

Expert Comment

by:KVR_Solutions
ID: 16833514
I found this article because I was facing the same problem. I think I may have found a solution.

My challenge was the same in that I have a client that doesn't want their users to be able to delete files in a particular folder - however - these users use the folder daily to create new customer data.

When you allow all permissions except "delete" and "delete subfolders and files" (deny those), the "modify" checkbox for allow on the regular permissions page is removed. This causes the users to not have the ability to rename a folder. This is a pain because they can create a folder, but it will just say New Folder and then when they try to rename it to something they get an error.

This totally makes sense, because Windows sees a rename as a move statement.. for example, the command: "ren c:\windows c:\windows_old" is actually "move c:\windows c:\windows_old" .. therefore deleting "c:\windows".

The easiest way is to keep the permissions as I explained and have the users prepare the document on their local workstation and THEN move it to the folder with the restrictive permissions on it. You can designate someone within the organization to be the cleanup person - and they would have full control.

Note: You will be able to create a document and name it whatever and then drag it to that folder. Also, you will be able to save a document to the shared folder from another program - such as word - with whatever name you need.

Since I've explained this to the client, I haven't had any problems - and they are happy.

Hope this helps,


Ira @ KVR
0

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, I read that Microsoft has analysed statistics for their security intelligence report. It revealed: still, the clear majority of windows users do their daily work as administrator. An administrative account is a burden, security-wise. My ar…
Our Group Policy work started with Small Business Server in 2000. Microsoft gave us an excellent OU and GPO model in subsequent SBS editions that utilized WMI filters, OU linking, and VBS scripts. These are some of experiences plus our spending a lo…
this video summaries big data hadoop online training demo (http://onlineitguru.com/big-data-hadoop-online-training-placement.html) , and covers basics in big data hadoop .
As many of you are aware about Scanpst.exe utility which is owned by Microsoft itself to repair inaccessible or damaged PST files, but the question is do you really think Scanpst.exe is capable to repair all sorts of PST related corruption issues?

873 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question