Solved

NTFS Deny Delete permission issue

Posted on 2011-03-09
3
956 Views
Last Modified: 2012-08-13
I support a company that have a Windows Server 2003 domain environment w/ windows 7 client PC's. Recently the  company has asked me to disallow a specific user to delete any files in a shared folder on the server called DATA.  So I went to security on this folder and set the DENY DELETE and DENY DELETE SUBFOLDERS AND FILES for this specific user.

The user cannot delete anything which is good, but it also has caused a bad side effect of leaving behind temp office 2007 files (ex: A36432A0.tmp) whenever user modify's a word or excel doc. Why is this happening. What would be the way to not let this specific user delete files but also not leave behind these annoying temp files that are rapidly accumulating.
0
Comment
Question by:kiwi800321
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 3

Accepted Solution

by:
RussPitcher earned 500 total points
ID: 35088029
Hmm, curious one this. I'm guessing that it's not acceptable to stop the user writing files to this folder entirely and forcing them to copy the files elsewhere before working on them.  The only simple way I can see round this is to have a script run on a scheduled task - say once a day at midnight - to clear these files out.  Unfortunately it'll still leave temp files around during the day.

A simple batch script would do the trick:
pushd C:\SharedDocs\RestrictedFolder
Del /f /s /q *.tmp
popd

Open in new window


0
 
LVL 10

Expert Comment

by:pjasnos
ID: 35088676
If someone has modification privileges to a given file, they effectively delete it by just emptying the file or filling it with zeros, so I would stronly suggest making that directory read-only for that user.
If you want to have a solution which gets rid of temp files while still having the files writeable would be to use something alike UnionFS in Linux. There's an application called WinUnionFS which implements the re-direction of any write requests to a read-only directory to a different directory - you can modify it to instead re-direct any creations/writes to tmp files based on their names, but you obviously need a litttle programming experience in C/C++. All the heavy-lifting of kernel-mode filesystem filter drivers is handled by Dokan library, meaning that you don't need to be an experienced programmer to make this work.
http://code.google.com/p/winunionfs/

Note: You cannot use Windows 7 Libraries for this, as they are shell objects and therefore most applications would still create temp files in your directory.

Also, depending what application is it, you can perhaps try re-configuring it to store it's temp files elsewhere?
0
 
LVL 3

Expert Comment

by:Dave4125
ID: 35089463
This user is supposed to be able to edit the documents, just not delete them entirely?
0

Featured Post

Salesforce Made Easy to Use

On-screen guidance at the moment of need enables you & your employees to focus on the core, you can now boost your adoption rates swiftly and simply with one easy tool.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When you try to extract and to view the contents of a Microsoft Update Standalone Package (MSU) for Windows Vista, you cannot extract the files from the MSU. Here we are going to explain how to extract those hotfix details without using any third pa…
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
This Micro Tutorial will teach you how to the overview of Microsoft Security Essentials. This is a free anti-virus software that guards your PC against viruses, spyware, worms, and other malicious software. This will be demonstrated using Windows…
The Task Scheduler is a powerful tool that is built into Windows. It allows you to schedule tasks (actions) on a recurring basis, such as hourly, daily, weekly, monthly, at log on, at startup, on idle, etc. This video Micro Tutorial is a brief intro…
Suggested Courses

624 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question