?
Solved

Removeing delete/move/rename permissions for users through Group Policy object editor in server 2003 Active Directory.

Posted on 2011-03-01
3
Medium Priority
?
1,406 Views
Last Modified: 2012-05-11
Hi

We are setting up anew policy to restict users in a certain group folder in ADS Called Network users Policy on a MS server 2003.

Is it possible to restrict users ability to move/rename and delete files and folders via ADS on the server?  If so what steps do we need to take.

Many thanks.
0
Comment
Question by:hotline100
3 Comments
 
LVL 2

Accepted Solution

by:
brewsterm earned 1000 total points
ID: 35006426
You just need to setup folder permissions.  ADS is only going to hide or show certain folders.

Also keep in mine that some programs delete the original file before saving the new copy they are working on.  So if you have delete denied but modify allowed some applications will still not work.
0
 
LVL 39

Assisted Solution

by:Krzysztof Pytko
Krzysztof Pytko earned 1000 total points
ID: 35006505
Have you tried with

Computer Configuration -> Windows Settings -> Security Settings -> File System

add there drive/folder/file and set up appropriate permissions and link that GPO to approrpiate computers OU. But remember that you have to be sure that other applications doesn't require read or write/modify permissions on a regular user account to work properly.

Regards,
Krzysztof
0
 

Author Comment

by:hotline100
ID: 35015184
Thanks Guys will have a look at this today.
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Native ability to set a user account password via AD GPO was removed because the passwords can be easily decrypted by any authenticated user in the domain. Microsoft recommends LAPS as a replacement and I have written an article that does something …
If you need to implement application level security in an Access database application or other VBA code, I strongly encourage you to take advantage of Active Directory groups.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

569 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question