Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Is it possible to configure rights on Server 2008  that would allow a user to open and modify the file but not copy it?

Posted on 2010-09-15
5
Medium Priority
?
397 Views
Last Modified: 2013-12-02
Hello Experts,
I have a client that would like to lock down users from "copying" drafting files off the server.  The issue is that the drafting users will need to open and modify the files.  Can this be done?

Current Server: Winodws 200 Standard server

I was looking at Windows 2008 server with Active Directory Rights Management Services but did not see that specific configuration.

Thanks for your help!
0
Comment
Question by:Expetec
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 3

Assisted Solution

by:Nyradel
Nyradel earned 668 total points
ID: 33681806
No. Because once opened the user can always save it as something different.  You can't stop someone from copying a file.
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 33681985
I agree no there is not currently a way.
0
 
LVL 4

Assisted Solution

by:andy_maskell
andy_maskell earned 668 total points
ID: 33682072
The only thing to do is to stop them copying onto external devices. I presume the problem is taking the files offsite without permission. There are dummy devices which lock USB ports which will be the main source of data copying. Remove or replace DVD/CD writers with readers only. Emailing could be an issue but you could always block users from sending attachments.
0
 
LVL 22

Accepted Solution

by:
Joseph Moody earned 664 total points
ID: 33683344
I agree with andy. Instead of preventing the users from making a copy, prevent the users from being able to remove the data.
To prevent users from emailing: either deny the computer internet access (ex: not giving them a default gateway) or deny attachments on a firewall
To prevent users from using thumbdrives: Enable Computer Config\Admin Templates\System\Device Installation\Device Installation Restrictions\Prevent installation of removeable devices and Prevent installation of devices not described by other policy settings
 
0
 

Author Closing Comment

by:Expetec
ID: 33693839
Thanks Experts!  Your advice is much appreciated!
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
How to deal with a specific error when using the Enable-RemoteMailbox cmdlet to create a mailbox in the cloud-based service, for an existing user in an on-premises Active Directory.
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Suggested Courses

721 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question