Zoodiaq
asked on
Protecting files from being deleted but allow rename/move
I would like to create some kind of protection for our scanned files.
The protection should be something like this:
When a files enters the folder on our server the users should be able to move it to another folder and also be able to rename the file, but not to delete it. Is that possible. I couldn't fint out how to resolve it with NTFS permissions.
We use SBS 2003 server and XP workstations.
Best regards,
Zoodiaq
The protection should be something like this:
When a files enters the folder on our server the users should be able to move it to another folder and also be able to rename the file, but not to delete it. Is that possible. I couldn't fint out how to resolve it with NTFS permissions.
We use SBS 2003 server and XP workstations.
Best regards,
Zoodiaq
ASKER
Then you can't rename the file.
No, I just test it my self, you either can test it, just create a new folder, set ntfs permission, and then try and let me know
ASKER
I made the test.
If you haven't enabled delete/delete subfolder you can't move the file to another folder and you can't rename the file.
If you haven't enabled delete/delete subfolder you can't move the file to another folder and you can't rename the file.
You may also want to look at this tool, it requires SP1 for 2003 be installed however: http://www.microsoft.com/downloads/details.aspx?FamilyID=04a563d9-78d9-4342-a485-b030ac442084&displaylang=en
-rich
-rich
ASKER
Its a nice tool, but I'm not sure it will solve the problem.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I guess you are right. It's just strange because it must an issue a lot of firms has to deal with to ensure that files doesn't get deleted either by mistake or deliberate.
Yes, I have always felt there should have been a feature along these lines. You may want to leave the question open for a while in case someone knows of something.
When you think about it, allowing a move/rename to an arbitrary location is virtually the same as a delete. Sometimes I am called to help a user who has moved and renamed a file and they can't remember where or when - it is as good as lost. Not unlike placing a library book in the wrong shelf.
When you think about it, allowing a move/rename to an arbitrary location is virtually the same as a delete. Sometimes I am called to help a user who has moved and renamed a file and they can't remember where or when - it is as good as lost. Not unlike placing a library book in the wrong shelf.
ASKER
I'm leaving it open for a while.
Server 2003 offers a service called shadow copy, it's pretty simple and straight forward and east to use. You can read up on it here....http://www.petri.co.il/how_to_use_the_shadow_copy_client.htm
Zoodiaq,
How about to make it hidden share, and then map it only on those users you want, in this case you save those important files from being shown to the others, and beside that keep doing daily backup whcih will keep a copy away in case some one deleted important file by mistake, this is my scenario.
HTH
Naser
How about to make it hidden share, and then map it only on those users you want, in this case you save those important files from being shown to the others, and beside that keep doing daily backup whcih will keep a copy away in case some one deleted important file by mistake, this is my scenario.
HTH
Naser
I found this article because I was facing the same problem. I think I may have found a solution.
My challenge was the same in that I have a client that doesn't want their users to be able to delete files in a particular folder - however - these users use the folder daily to create new customer data.
When you allow all permissions except "delete" and "delete subfolders and files" (deny those), the "modify" checkbox for allow on the regular permissions page is removed. This causes the users to not have the ability to rename a folder. This is a pain because they can create a folder, but it will just say New Folder and then when they try to rename it to something they get an error.
This totally makes sense, because Windows sees a rename as a move statement.. for example, the command: "ren c:\windows c:\windows_old" is actually "move c:\windows c:\windows_old" .. therefore deleting "c:\windows".
The easiest way is to keep the permissions as I explained and have the users prepare the document on their local workstation and THEN move it to the folder with the restrictive permissions on it. You can designate someone within the organization to be the cleanup person - and they would have full control.
Note: You will be able to create a document and name it whatever and then drag it to that folder. Also, you will be able to save a document to the shared folder from another program - such as word - with whatever name you need.
Since I've explained this to the client, I haven't had any problems - and they are happy.
Hope this helps,
Ira @ KVR
My challenge was the same in that I have a client that doesn't want their users to be able to delete files in a particular folder - however - these users use the folder daily to create new customer data.
When you allow all permissions except "delete" and "delete subfolders and files" (deny those), the "modify" checkbox for allow on the regular permissions page is removed. This causes the users to not have the ability to rename a folder. This is a pain because they can create a folder, but it will just say New Folder and then when they try to rename it to something they get an error.
This totally makes sense, because Windows sees a rename as a move statement.. for example, the command: "ren c:\windows c:\windows_old" is actually "move c:\windows c:\windows_old" .. therefore deleting "c:\windows".
The easiest way is to keep the permissions as I explained and have the users prepare the document on their local workstation and THEN move it to the folder with the restrictive permissions on it. You can designate someone within the organization to be the cleanup person - and they would have full control.
Note: You will be able to create a document and name it whatever and then drag it to that folder. Also, you will be able to save a document to the shared folder from another program - such as word - with whatever name you need.
Since I've explained this to the client, I haven't had any problems - and they are happy.
Hope this helps,
Ira @ KVR
Go to the folder, right click>Properties>Security>
Good Luck!
Naser