Solved

NTFS Deny Delete permission issue

Posted on 2011-03-09
Last Modified: 2012-08-13
I support a company that has a Windows Server 2003 domain environment with Windows 7 client PCs. Recently the company has asked me to disallow a specific user from deleting any files in a shared folder on the server called DATA. So I went to Security on this folder and set DENY DELETE and DENY DELETE SUBFOLDERS AND FILES for this specific user.

The user cannot delete anything, which is good, but it has also caused a bad side effect of leaving behind temp Office 2007 files (e.g. A36432A0.tmp) whenever the user modifies a Word or Excel doc. Why is this happening? What would be the way to not let this specific user delete files but also not leave behind these annoying temp files that are rapidly accumulating?
Question by:kiwi800321
3 Comments
 

Accepted Solution

by:
RussPitcher earned 500 total points
ID: 35088029
Hmm, curious one this. I'm guessing that it's not acceptable to stop the user writing files to this folder entirely and forcing them to copy the files elsewhere before working on them.  The only simple way I can see round this is to have a script run on a scheduled task - say once a day at midnight - to clear these files out.  Unfortunately it'll still leave temp files around during the day.

A simple batch script would do the trick:
pushd C:\SharedDocs\RestrictedFolder
Del /f /s /q *.tmp
popd
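
A narrower variant of the scheduled cleanup suggested in the accepted answer, as an added example that is not part of the original thread: it removes only files matching the 8-hex-digit .tmp naming seen in the question, skips anything written to recently, and logs each deletion. The folder path, log file, age threshold and the availability of PowerShell 2.0 or later on the server are assumptions, and the task must run under an account that is not subject to the Deny Delete entry.

```powershell
# Added example: scheduled cleanup of orphaned Office temp files.
# Assumptions: PowerShell 2.0+ is installed; paths below are placeholders;
# the name pattern is inferred from the A36432A0.tmp example in the question.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [string]$Root        = 'C:\SharedDocs\RestrictedFolder',  # hypothetical share path
    [int]   $MinAgeHours = 12,                                # leave files of documents that may still be open
    [string]$LogFile     = 'C:\Logs\tmp-cleanup.log'          # hypothetical; the folder must already exist
)

$pattern = '^[0-9A-Fa-f]{8}\.tmp$'            # eight hex digits followed by .tmp
$cutoff  = (Get-Date).AddHours(-$MinAgeHours)

# -Force includes hidden files; the PSIsContainer test keeps directories out (PowerShell 2.0 compatible).
Get-ChildItem -Path $Root -Recurse -Force -Filter '*.tmp' |
    Where-Object {
        -not $_.PSIsContainer -and
        $_.Name -match $pattern -and
        $_.LastWriteTime -lt $cutoff
    } |
    ForEach-Object {
        $file = $_                            # keep the file object; $_ is rebound inside catch
        if ($PSCmdlet.ShouldProcess($file.FullName, 'Remove orphaned temp file')) {
            try {
                Remove-Item -LiteralPath $file.FullName -Force -ErrorAction Stop
                $result = 'deleted'
            }
            catch {
                # A file still locked by an open document ends up here and is left alone.
                $result = 'failed: ' + $_.Exception.Message
            }
            # One tab-separated audit line per file: timestamp, outcome, path.
            $line = "{0}`t{1}`t{2}" -f (Get-Date -Format s), $result, $file.FullName
            Add-Content -Path $LogFile -Value $line
        }
    }
```

Running the script once with -WhatIf lists what it would remove without deleting or logging anything.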


Expert Comment

by:pjasnos
ID: 35088676
If someone has modification privileges to a given file, they effectively delete it by just emptying the file or filling it with zeros, so I would strongly suggest making that directory read-only for that user.
If you want a solution which gets rid of temp files while still having the files writeable, it would be to use something like UnionFS in Linux. There's an application called WinUnionFS which implements the re-direction of any write requests to a read-only directory to a different directory - you can modify it to instead re-direct any creations/writes to tmp files based on their names, but you obviously need a little programming experience in C/C++. All the heavy lifting of kernel-mode filesystem filter drivers is handled by the Dokan library, meaning that you don't need to be an experienced programmer to make this work.
http://code.google.com/p/winunionfs/

Note: You cannot use Windows 7 Libraries for this, as they are shell objects and therefore most applications would still create temp files in your directory.

Also, depending on what application it is, you can perhaps try re-configuring it to store its temp files elsewhere?

Expert Comment

by:Dave4125
ID: 35089463
This user is supposed to be able to edit the documents, just not delete them entirely?