Prevent users from being able to move folders

Hi,

I'm trying to implement a solution on our Windows 2008 file server to prevent users from being able to move root folders.  What often happens is a user will inadvertently drag and drop a root folder into another one and it then "goes missing".  

I tried to follow this solution:

http://waynes-world-it.blogspot.com/2008/06/preventing-accidental-ntfs-data-moves.html

But am having trouble implementing it.  Does anyone have a step by step guide regarding the above solution or have a better way?  The above link seems like an ideal solution, but I can't get the permissioning down properly.

The "placeholder" file needs read only for which group?  How do I actually set the "read only"?  Is that read only permission or attribute?  Do I deny the rest for the group in question?

Now what about the actual directory which I want to prevent from being moved, what specific permissions do I apply to this?

This seems like such a simple thing to implement but so difficult.  I'm curious to hear your expert suggestions on this solution or another.

Thanks!
lighthousekeeper Asked:
Matt V Commented:
It sounds like what you want to do is set permissions on the root folder that allow read access and then apply the write access to the lower folders.

The best way is to go into the properties of the folders you do not want moved, and under the security tab click the  advanced button.  From this screen you can click on the group/user in question, click the Change Permissions button and uncheck the Include inheritable permissions... checkbox.

You will be prompted to copy the permissions or remove them.  If you choose copy, you will then have all your permissions as before but be able to change them on this folder and down.

Once you have adjusted the permissions on the sub folders, you can change the permissions on the root share folder to Read & Execute with no write.  It will not push down on the folders you already took inheritance off of, and will stop users of that group from changing things in the root folder.
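
The steps in the answer above, scripted with icacls and followed by a check of whether the group can still move each top-level folder. This is an added example, not part of the original answer; the path `D:\Shares\Projects` and the group `CONTOSO\Staff` are hypothetical placeholders, and the root's entry for the group is assumed to be explicit rather than inherited.

```powershell
# Added example. $Root and $Group are hypothetical placeholders; run elevated.
$Root  = 'D:\Shares\Projects'   # share root whose top-level folders must stay put
$Group = 'CONTOSO\Staff'        # group that works inside those folders

# From the answer: turn off inheritance on each top-level folder, copying the
# inherited entries so access inside the folder is unchanged.
$folders = Get-ChildItem -Path $Root | Where-Object { $_.PSIsContainer }
foreach ($f in $folders) {
    icacls $f.FullName /inheritance:d | Out-Null
}

# From the answer: replace the group's explicit entry on the root with
# Read & Execute. Folders with inheritance turned off do not pick this up.
icacls $Root /grant:r "${Group}:(OI)(CI)(RX)" | Out-Null

# Check. A move within one volume is a rename, which needs Delete on the folder
# itself or "Delete subfolders and files" on its parent.
# Limitation: only Allow entries naming $Identity directly are examined; other
# group memberships and Deny entries are not evaluated.
function Test-AllowsRight($Path, $Identity, $Right) {
    foreach ($ace in (Get-Acl -Path $Path).Access) {
        # Inherit-only entries pass down to children but do not apply here.
        $inheritOnly = $ace.PropagationFlags -band
            [System.Security.AccessControl.PropagationFlags]::InheritOnly
        if ($ace.IdentityReference.Value -eq $Identity -and
            $ace.AccessControlType -eq 'Allow' -and -not $inheritOnly -and
            ($ace.FileSystemRights -band $Right)) { return $true }
    }
    return $false
}

$Delete      = [System.Security.AccessControl.FileSystemRights]::Delete
$DeleteChild = [System.Security.AccessControl.FileSystemRights]::DeleteSubdirectoriesAndFiles
$parentAllows = Test-AllowsRight $Root $Group $DeleteChild
foreach ($f in $folders) {
    $movable = $parentAllows -or (Test-AllowsRight $f.FullName $Group $Delete)
    "{0}  movable by {1}: {2}" -f $f.FullName, $Group, $movable
}
```

A folder reported as movable still carries an entry that grants the group Delete on the folder itself, typically a copied Modify or Full Control entry that applies to "This folder, subfolders and files".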
lighthousekeeper Author Commented:
Unfortunately, that still doesn't help me.  I need step by step instructions on how to implement this because what you suggest doesn't seem to be working for me.

Thanks.
Matt V Commented:
I might have time later tonight to do something with screen shots.
lighthousekeeper Author Commented:
I would greatly appreciate that, or a reference to elsewhere if this is documented in detail.  Thank you.
lighthousekeeper Author Commented:
Does anyone have a solution to this?

Matt V Commented:
Here is a quick and dirty PDF with some examples.  See if this is enough to get you started.
quick-access-howto.pdf
lighthousekeeper Author Commented:
.
lighthousekeeper Author Commented:
We contacted Microsoft on this and they said it's not possible:


I tried to research on your issue again and even though I give full control to subfolders and files and only read permission to this folder only, it is not working. This happens because the permissions always have cumulative effect. It will start reading permission from top to bottom and the most restrictive will apply. So if we are blocking users from drag and drop at top level, they lose control of making any changes to folders and files. And this is carried forward to the bottom folders and files. So the settings which you are trying to apply are not possible. I also tried to see if there is any workaround, but there is no workaround as such. If you have any questions please email me. I didn’t email you earlier as I was still trying to find a solution to this issue.


So, we have no options.  What to do???  Third party solution??
Windows Server 2008