fuzzyfreak
asked on
Something moving files and folders on server share - anybody ever had this?
Couldn't find Windows 2K Server section so hope it's OK to post here - Our file server runs Windows 2000 Server and over the years, we have occasionally noticed files and folders appearing in other folders. This doesn't happen often and normally I would put it down to an accident but the way it is happening cannot be done accidentally. All users are competent and would know if they had cut a folder, moved to another folder and pasted it and for such a small company, this would be a completely pointless task. This is why I am assuming it is something rather than somebody, so lets concentrate on what could be causing this.
I have since applied auditing but it is so intermittent I doubt this will help. I just wanted to know if anybody has had a similar problem.
Note: I recently installed a new high capacity SATA drive and moved all data to this, so it can't be an issue with the drive. The only things actually running on it are -
Veritas Backup Exec every night
Sophos Update
Thanks
I have since applied auditing but it is so intermittent I doubt this will help. I just wanted to know if anybody has had a similar problem.
Note: I recently installed a new high capacity SATA drive and moved all data to this, so it can't be an issue with the drive. The only things actually running on it are -
Veritas Backup Exec every night
Sophos Update
Thanks
I've had that issue, but I most certainly could not say, "All users are competent." In fact, that statement seems to be an oxymoron to me. ;)
ASKER
I am still not convinced, very few of our users actually use My Computer, none use Explorer. This particular incident took 4 enitre folders out of a root folder and placed into another root folder, this cannot be done by accident through drag and drop. Another folder had all its files taken out that began with a through to b - so the only ones left were from c to z. The files were then found in another root folder with the sub folder having the same name as the original - so for this to happen, somebody would have had to create a new folder, name it, take out all files from original with name beginning a or b and paste into the new folder. This would not have achieved anything and there is no reaosn why anybody would be doing this. I have a lot of respect for our users and disagree with your pretentious comment Adam.
Either way, I'll keep an eye on the audit logs and hopefully will still be able to post to this thread in a years time.
Either way, I'll keep an eye on the audit logs and hopefully will still be able to post to this thread in a years time.
Fuzzy,
I'm sorry you took the comment as pretentious. I included a little winky face to let you know it's not entirely in earnest. Depending on the industry, there can obviously be a higher percentage of competent users than others. In general, though, most businesses are not comprised of a group of users who understand how things operate on their systems. If yours is, more the better for you and congrats.
The point I was really trying to make through perhaps a bad attempt at humor is that all users eventually do things like that. I had folders moved wherein "no one did it", and it was one of my more "competent users" who was just too embarassed to admit it (it was a rather important directory used daily that caused a huge uproar when it "disappeared") and was afraid to move it back. No big deal; got it fixed and the problem locked down as soon as I figured out it was actually user interaction and not some evil virus.
I'm sorry you took the comment as pretentious. I included a little winky face to let you know it's not entirely in earnest. Depending on the industry, there can obviously be a higher percentage of competent users than others. In general, though, most businesses are not comprised of a group of users who understand how things operate on their systems. If yours is, more the better for you and congrats.
The point I was really trying to make through perhaps a bad attempt at humor is that all users eventually do things like that. I had folders moved wherein "no one did it", and it was one of my more "competent users" who was just too embarassed to admit it (it was a rather important directory used daily that caused a huge uproar when it "disappeared") and was afraid to move it back. No big deal; got it fixed and the problem locked down as soon as I figured out it was actually user interaction and not some evil virus.
You also use explorer when opening a file in Word, Excel, PowerPoint etc ...
And the scenario you are describing is very typical: the move starts through e.g. drag and drop. The users sees it, panics and presses cancel. Result: a through b moved, all the rest not. It's so recognizable to me. And users are only human, however well regarded.
Also, if on the same volume rights are copied with the files. With root you probably mean a share isn't it?
What you describe is very possible, but would also depend on the ACL's of the files, folders. Can you post those for a case that happened (including the levels above and the inheritance settings?
J.
And the scenario you are describing is very typical: the move starts through e.g. drag and drop. The users sees it, panics and presses cancel. Result: a through b moved, all the rest not. It's so recognizable to me. And users are only human, however well regarded.
Also, if on the same volume rights are copied with the files. With root you probably mean a share isn't it?
What you describe is very possible, but would also depend on the ACL's of the files, folders. Can you post those for a case that happened (including the levels above and the inheritance settings?
J.
PowerIT,
The cancel button issue sounds exactly like what happened here. Until I figured that out, I spent a good few hours trying to figure out how the "virus" was moving files beginning with numbers and the letter A, but not anything else :)
The cancel button issue sounds exactly like what happened here. Until I figured that out, I spent a good few hours trying to figure out how the "virus" was moving files beginning with numbers and the letter A, but not anything else :)
Yes Adam, also what you described, it's all so recongizable that I started laughing out loud.
But, fuzzyfreak still gets the benefit of the doubt, until he is convinced or can prove otherwise through logs and showing the ACL's etc.
J.
But, fuzzyfreak still gets the benefit of the doubt, until he is convinced or can prove otherwise through logs and showing the ACL's etc.
J.
ASKER
Apology accepted Adam, I knew you were joking and yes, I am very lucky to have raised a competent batch of users, this is all about having a good call logging process and training documentation.
Thanks both for your input, I must admit I do want to beleive it is user error because I can accept that, if it is a technical issue, I want to know what is causing it. What you both might be able to help me with is, is there any way of protecting a folder structure at all? All my users need modify rights to most files on the file server, so how do I protect the folder structure?
Thanks both for your input, I must admit I do want to beleive it is user error because I can accept that, if it is a technical issue, I want to know what is causing it. What you both might be able to help me with is, is there any way of protecting a folder structure at all? All my users need modify rights to most files on the file server, so how do I protect the folder structure?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Interesting idea there Adam about managing through sharepoint - I presume your users can access the server files through companyweb but not through My Computer/Explorer?
Am I to also assume, further to PowerIT's comment, that it still won't stop users making mistakes through the Open File dialogue? Can you access companyweb through the Open File dialogue and restrict access to the server files?
Am I to also assume, further to PowerIT's comment, that it still won't stop users making mistakes through the Open File dialogue? Can you access companyweb through the Open File dialogue and restrict access to the server files?
Fuzzy:
Correct, they're allowed access to it through Sharepoint, but not through my comp/windows explorer -- at least on the documents and files relegated to Sharepoint land.
They can still wreak some havoc, but the fact that it requires multiple clicks to perform bad actions now limits it greatly.
This isn't so much about actually making an effective permission list that keeps users from performing bad actions (they still have access to another drive which is shared), but in putting non-prohibitive means of slowing them down on actions like delete.
Correct, they're allowed access to it through Sharepoint, but not through my comp/windows explorer -- at least on the documents and files relegated to Sharepoint land.
They can still wreak some havoc, but the fact that it requires multiple clicks to perform bad actions now limits it greatly.
This isn't so much about actually making an effective permission list that keeps users from performing bad actions (they still have access to another drive which is shared), but in putting non-prohibitive means of slowing them down on actions like delete.
ASKER
You may go ahead and archive this question. It has yet to happen again and until it happens a few more times, I will nto be able to diagnose the issue.
I very much appreciate the comments of both participants (Experts)
Many thanks
Fuzzy.
I very much appreciate the comments of both participants (Experts)
Many thanks
Fuzzy.
And it always happens to my users at very busy times. And they never know that they did this, or don't want to admit it. And it's also with competent users.
I think that it's not through cut and paste, but through accidental drag and drop in explorer.
It can happen very easy and quick if the folders are not too large on a fast network you wouldn't notice it. And if the user is disturbed at the moment it happens then he certainly would not notice it.
Hope this helps.
J.