Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Something moving files and folders on server share - anybody ever had this?

Posted on 2006-11-17
14
Medium Priority
?
293 Views
Last Modified: 2010-04-18
Couldn't find Windows 2K Server section so hope it's OK to post here - Our file server runs Windows 2000 Server and over the years, we have occasionally noticed files and folders appearing in other folders.  This doesn't happen often and normally I would put it down to an accident but the way it is happening cannot be done accidentally.  All users are competent and would know if they had cut a folder, moved to another folder and pasted it and for such a small company, this would be a completely pointless task.  This is why I am assuming it is something rather than somebody, so lets concentrate on what could be causing this.

I have since applied auditing but it is so intermittent I doubt this will help.  I just wanted to know if anybody has had a similar problem.

Note: I recently installed a new high capacity SATA drive and moved all data to this, so it can't be an issue with the drive.  The only things actually running on it are -

Veritas Backup Exec every night
Sophos Update

Thanks
0
Comment
Question by:fuzzyfreak
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
  • 4
14 Comments
 
LVL 18

Expert Comment

by:PowerIT
ID: 17964641
I'm convinced that this is indeed by accident caused by users. I have seen this happen a lot. Auditing helped to pinpoint a user. Usually a different one each time.
And it always happens to my users at very busy times. And they never know that they did this, or don't want to admit it. And it's also with competent users.
I think that it's not through cut and paste, but through accidental drag and drop in explorer.
It can happen very easy and quick if the folders are not too large on a fast network you wouldn't notice it. And if the user is disturbed at the moment it happens then he certainly would not notice it.

Hope this helps.

J.
0
 
LVL 16

Expert Comment

by:AdamRobinson
ID: 17964654
I've had that issue, but I most certainly could not say, "All users are competent."  In fact, that statement seems to be an oxymoron to me.  ;)

0
 
LVL 4

Author Comment

by:fuzzyfreak
ID: 17965225
I am still not convinced, very few of our users actually use My Computer, none use Explorer.  This particular incident took 4 enitre folders out of a root folder and placed into another root folder, this cannot be done by accident through drag and drop.  Another folder had all its files taken out that began with a through to b - so the only ones left were from c to z.  The files were then found in another root folder with the sub folder having the same name as the original - so for this to happen, somebody would have had to create a new folder, name it, take out all files from original with name beginning a or b and paste into the new folder.  This would not have achieved anything and there is no reaosn why anybody would be doing this.  I have a lot of respect for our users and disagree with your pretentious comment Adam.

Either way, I'll keep an eye on the audit logs and hopefully will still be able to post to this thread in a years time.
0
Learn Veeam advantages over legacy backup

Every day, more and more legacy backup customers switch to Veeam. Technologies designed for the client-server era cannot restore any IT service running in the hybrid cloud within seconds. Learn top Veeam advantages over legacy backup and get Veeam for the price of your renewal

 
LVL 16

Expert Comment

by:AdamRobinson
ID: 17965335
Fuzzy,

I'm sorry you took the comment as pretentious.  I included a little winky face to let you know it's not entirely in earnest.  Depending on the industry, there can obviously be a higher percentage of competent users than others.  In general, though, most businesses are not comprised of a group of users who understand how things operate on their systems.  If yours is, more the better for you and congrats.

The point I was really trying to make through perhaps a bad attempt at humor is that all users eventually do things like that.  I had folders moved wherein "no one did it", and it was one of my more "competent users" who was just too embarassed to admit it (it was a rather important directory used daily that caused a huge uproar when it "disappeared") and was afraid to move it back.  No big deal; got it fixed and the problem locked down as soon as I figured out it was actually user interaction and not some evil virus.

0
 
LVL 18

Expert Comment

by:PowerIT
ID: 17965341
You also use explorer when opening a file in Word, Excel, PowerPoint etc ...
And the scenario you are describing is very typical: the move starts through e.g. drag and drop. The users sees it, panics and presses cancel. Result: a through b moved, all the rest not. It's so recognizable to me. And users are only human, however well regarded.
Also, if on the same volume rights are copied with the files. With root you probably mean a share isn't it?
What you describe is very possible, but would also depend on the ACL's of the files, folders. Can you post those for a case that happened (including the levels above and the inheritance settings?

J.
0
 
LVL 16

Expert Comment

by:AdamRobinson
ID: 17965356
PowerIT,

The cancel button issue sounds exactly like what happened here.  Until I figured that out, I spent a good few hours trying to figure out how the "virus" was moving files beginning with numbers and the letter A, but not anything else :)
0
 
LVL 18

Expert Comment

by:PowerIT
ID: 17965404
Yes Adam, also what you described, it's all so recongizable that I started laughing out loud.
But, fuzzyfreak still gets the benefit of the doubt, until he is convinced or can prove otherwise through logs and showing the ACL's etc.

J.
0
 
LVL 4

Author Comment

by:fuzzyfreak
ID: 17965442
Apology accepted Adam, I knew you were joking and yes, I am very lucky to have raised a competent batch of users, this is all about having a good call logging process and training documentation.  

Thanks both for your input, I must admit I do want to beleive it is user error because I can accept that, if it is a technical issue, I want to know what is causing it.  What you both might be able to help me with is, is there any way of protecting a folder structure at all?  All my users need modify rights to most files on the file server, so how do I protect the folder structure?
0
 
LVL 18

Assisted Solution

by:PowerIT
PowerIT earned 500 total points
ID: 17966179
I have been thinking about this for years, and my conclusion has alsways been: you can’t without severely restricting the users.
Bear with me:
NTFS has no move permission.  The permissions that include this are delete and write.  If a user has write permission to a folder then they can move anything into that folder. If a user has delete permission to a folder then they can move anything out of that folder. Maybe one day, MS will create it a move permission...
In any case, the users must have read and write permission. That means that he can move/copy also.
You could remove the delete permission, but the user will still be able to copy the folder or file to a location where he has create rights. He will not be able to delete the original and get an error message, but the copy portion of the move will have taken place. And a lot of applications will not be able to handle having write permissions but not delete, when they create a new version of a file.
So the only obvious thing is not giving write permission to the possible destination folders. But that won’t prevent a user from moving to places where he has that permission.

I currently solve those ‘help, the folder has vanished’-calls by using Volume Shadow Copy on 2003 server. Quickly restore the folder so that users can at least revert back to the version of the last snapshot. And then find out where the hell they moved it and do the cleanup work.

Maybe there is a third party tool out there to do just that. But I haven't seen it yet.

J.
0
 
LVL 16

Accepted Solution

by:
AdamRobinson earned 500 total points
ID: 17966375
I also can't give an easy solution.  I moved a lot of it to an internal Sharepoint site, which gave me a bit more control over what was happening (basically by making it harder for a user to accidently destroy something).

Did just give me an idea I'm going to go test though.  Pretty sure it will fail, but what the heck.
0
 
LVL 4

Author Comment

by:fuzzyfreak
ID: 17979096
Interesting idea there Adam about managing through sharepoint - I presume your users can access the server files through companyweb but not through My Computer/Explorer?

Am I to also assume, further to PowerIT's comment, that it still won't stop users making mistakes through the Open File dialogue?  Can you access companyweb through the Open File dialogue and restrict access to the server files?
0
 
LVL 16

Expert Comment

by:AdamRobinson
ID: 17982747
Fuzzy:

Correct, they're allowed access to it through Sharepoint, but not through my comp/windows explorer -- at least on the documents and files relegated to Sharepoint land.    

They can still wreak some havoc, but the fact that it requires multiple clicks to perform bad actions now limits it greatly.

This isn't so much about actually making an effective permission list that keeps users from performing bad actions (they still have access to another drive which is shared), but in putting non-prohibitive means of slowing them down on actions like delete.  

0
 
LVL 4

Author Comment

by:fuzzyfreak
ID: 18386474
You may go ahead and archive this question.  It has yet to happen again and until it happens a few more times, I will nto be able to diagnose the issue.

I very much appreciate the comments of both participants (Experts)

Many thanks

Fuzzy.
0

Featured Post

Ask an Anonymous Question!

Don't feel intimidated by what you don't know. Ask your question anonymously. It's easy! Learn more and upgrade.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A quick step-by-step overview of installing and configuring Carbonite Server Backup.
While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
Have you created a query with information for a calendar? ... and then, abra-cadabra, the calendar is done?! I am going to show you how to make that happen. Visualize your data!  ... really see it To use the code to create a calendar from a q…
In this video, Percona Solutions Engineer Barrett Chambers discusses some of the basic syntax differences between MySQL and MongoDB. To learn more check out our webinar on MongoDB administration for MySQL DBA: https://www.percona.com/resources/we…
Suggested Courses

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question