Protecting files from being deleted but allow rename/move

I would like to create some kind of protection for our scanned files.

The protection should be something like this:
When a files enters the folder on our server the users should be able to move it to another folder and also be able to rename the file, but not to delete it. Is that possible. I couldn't fint out how to resolve it with NTFS permissions.

We use SBS 2003 server and XP workstations.


Best regards,

Zoodiaq
ZoodiaqAsked:
Who is Participating?
 
r-kConnect With a Mentor Commented:
I don't think what you want is possible. Moving a file means deleting it's entry from the original location, then re-creating it in a new location. If you disallow the first step, then the Move becomes impossible.

There may be some 3rd-party solution that allows this in a limited way, but I am not aware of any.
0
 
Naser GabajE&P Senior Software SpecialistCommented:
Greetings Zoodiaq,

Go to the folder, right click>Properties>Security>Advanced>Edit>Check every thing except delete, delete subfolder, & take ownership.

Good Luck!

Naser
0
 
ZoodiaqAuthor Commented:
Then you can't rename the file.
0
Worried about phishing attacks?

90% of attacks start with a phish. It’s critical that IT admins and MSSPs have the right security in place to protect their end users from these phishing attacks. Check out our latest feature brief for tips and tricks to keep your employees off a hackers line!

 
Naser GabajE&P Senior Software SpecialistCommented:
No, I just test it my self, you either can test it, just create a new folder, set ntfs permission, and then try and let me know
0
 
ZoodiaqAuthor Commented:
I made the test.

If you haven't enabled delete/delete subfolder you can't move the file to another folder and you can't rename the file.
0
 
Rich RumbleSecurity SamuraiCommented:
You may also want to look at this tool, it requires SP1 for 2003 be installed however: http://www.microsoft.com/downloads/details.aspx?FamilyID=04a563d9-78d9-4342-a485-b030ac442084&displaylang=en
-rich
0
 
ZoodiaqAuthor Commented:
Its a nice tool, but I'm not sure it will solve the problem.
0
 
ZoodiaqAuthor Commented:
I guess you are right. It's just strange because it must an issue a lot of firms has to deal with to ensure that files doesn't get deleted either by mistake or deliberate.
0
 
r-kCommented:
Yes, I have always felt there should have been a feature along these lines. You may want to leave the question open for a while in case someone knows of something.

When you think about it, allowing a move/rename to an arbitrary location is virtually the same as a delete. Sometimes I am called to help a user who has moved and renamed a file and they can't remember where or when - it is as good as lost. Not unlike placing a library book in the wrong shelf.
0
 
ZoodiaqAuthor Commented:
I'm leaving it open for a while.
0
 
pacerintlCommented:
Server 2003 offers a service called shadow copy, it's pretty simple and straight forward and east to use.  You can read up on it here....http://www.petri.co.il/how_to_use_the_shadow_copy_client.htm
0
 
Naser GabajE&P Senior Software SpecialistCommented:
Zoodiaq,

How about to make it hidden share, and then map it only on those users you want, in this case you save those important files from being shown to the others, and beside that keep doing daily backup whcih will keep a copy away in case some one deleted important file by mistake, this is my scenario.

HTH

Naser
0
 
KVR_SolutionsCommented:
I found this article because I was facing the same problem. I think I may have found a solution.

My challenge was the same in that I have a client that doesn't want their users to be able to delete files in a particular folder - however - these users use the folder daily to create new customer data.

When you allow all permissions except "delete" and "delete subfolders and files" (deny those), the "modify" checkbox for allow on the regular permissions page is removed. This causes the users to not have the ability to rename a folder. This is a pain because they can create a folder, but it will just say New Folder and then when they try to rename it to something they get an error.

This totally makes sense, because Windows sees a rename as a move statement.. for example, the command: "ren c:\windows c:\windows_old" is actually "move c:\windows c:\windows_old" .. therefore deleting "c:\windows".

The easiest way is to keep the permissions as I explained and have the users prepare the document on their local workstation and THEN move it to the folder with the restrictive permissions on it. You can designate someone within the organization to be the cleanup person - and they would have full control.

Note: You will be able to create a document and name it whatever and then drag it to that folder. Also, you will be able to save a document to the shared folder from another program - such as word - with whatever name you need.

Since I've explained this to the client, I haven't had any problems - and they are happy.

Hope this helps,


Ira @ KVR
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.