NTFS stop folders being moved

We have a list of folders on a network share. e.g.

J:\Standard Jobs\S001
J:\Standard Jobs\S002
J:\Standard Jobs\S003
J:\Standard Jobs\S004

I want users to be able to view everything, but should only be able to edit files WITHIN the S00* file.

The S00* folders are created programatically in c#, so I can apply permissions to each folder when they are created.

So far, i've set advanced permissions for them to allow editing/deleting of files within the job folder..  Applied to "Subfolders and Files Only".  This works ok for most things, but when a user accidentally drags one job folder into another, it will move the folder and contents to the other destination, and keep the empty folder that was dragged after displaying the error msg.

So if i accidentally drag S001 into S002, we end up with.

J:\Standard Jobs\S001 <-- empty
J:\Standard Jobs\S002
J:\Standard Jobs\S002\S001.

Anyone faced this challenge before?
Sc0tteAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Tiras25Commented:
OK so moving simply means copying from one folder to another and deleting on the source folder.  So you would need to deny the NTFS special permission "delete folder" to the users on the source folder security tab.

Then you will have to deny the NTFS special permission "create folder" to all the target folders.  You need to make sure you assume all targets.

Make sense?
0
Sc0tteAuthor Commented:
They don't have delete permission for the S00* folders...  thats why when they move them, the contents move,  but an empty folder remains.

I can't really deny "create folder" because user will need to add/remove files/folders int the S00* directory.

0
DonNetwork AdministratorCommented:
0
Top Threats of Q1 & How to Defend Against Them

WEBINAR: Join WatchGuard CTO and our Threat Research Team on Aug. 2nd to hear the findings from our Q1 Internet Security Report! Learn more about the top threats detected in the first quarter and how you can defend your business against them!

hutnorCommented:
Your S001 folder takes permissions from standard jobs folder. I assume they can not delete the S001 because they do not have any delete permission for fodlers & files directly in the standard jobs folder.

If you were to give them access to delete folders under standard jobs then when they move s001 they can delete the folder.
0
hutnorCommented:
Is that what you want to do? get ride of the S001 after it has been moved? or stop them from dragging s001 into s002
0
Sc0tteAuthor Commented:
Really just want to stop users from dragging S001 into S002
0
DonNetwork AdministratorCommented:
0
DonNetwork AdministratorCommented:
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Sc0tteAuthor Commented:
Thanks dstewartjr,  I'll look into that app.

For the time being, i've knocked up a little program that runs during logon (once) for out company...  it increases the number pixels a user must move the item under their mouse before windows triggers that the drag/drop operation is happening.

It works well..  but can be a little weird and annoying sometimes, because it affects *all* drag and drop operations within windows.

C# code attached.

using System;
using System.Collections.Generic;
using System.Text;
using System.Runtime.InteropServices;

namespace DragonDropStop
{
    class Program
    {

        static int SPI_SETDRAGWIDTH = 76;
        static int SPI_SETDRAGHEIGHT = 77;
        static int DISTANCE = 50;

        // ----------------------------------------------------------------------------------------
        // Author:                        ScottE
        // Date:                          27/04/2010 11:25
        // Purpose:                       
        // ----------------------------------------------------------------------------------------
        static void Main(string[] args)
        {
            try
            {
                if (args.Length > 0)
                {
                    try
                    {
                        DISTANCE = int.Parse(args[0]);
                    }
                    catch (Exception ex)
                    {
                        Console.WriteLine("Parameter should be an integer number");
                    }
                }
                SystemParametersInfo(SPI_SETDRAGWIDTH, DISTANCE, "", 0);
                SystemParametersInfo(SPI_SETDRAGHEIGHT, DISTANCE, "", 0);
            }
            catch (Exception ex)
            {
                Console.Write(ex.ToString());
                Console.Read();
            }
        }

        [DllImport("user32.dll", CharSet = CharSet.Auto)]
        static extern int SystemParametersInfo(int uAction, int uParam, string lpvParam, int fuWinIni);

    }
}

Open in new window

0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Server Software

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.