Improve company productivity with a Business Account.Sign Up

x
?
Solved

NTFS Deny Delete permission issue

Posted on 2011-03-09
3
Medium Priority
?
984 Views
Last Modified: 2012-08-13
I support a company that have a Windows Server 2003 domain environment w/ windows 7 client PC's. Recently the  company has asked me to disallow a specific user to delete any files in a shared folder on the server called DATA.  So I went to security on this folder and set the DENY DELETE and DENY DELETE SUBFOLDERS AND FILES for this specific user.

The user cannot delete anything which is good, but it also has caused a bad side effect of leaving behind temp office 2007 files (ex: A36432A0.tmp) whenever user modify's a word or excel doc. Why is this happening. What would be the way to not let this specific user delete files but also not leave behind these annoying temp files that are rapidly accumulating.
0
Comment
Question by:kiwi800321
3 Comments
 
LVL 3

Accepted Solution

by:
RussPitcher earned 2000 total points
ID: 35088029
Hmm, curious one this. I'm guessing that it's not acceptable to stop the user writing files to this folder entirely and forcing them to copy the files elsewhere before working on them.  The only simple way I can see round this is to have a script run on a scheduled task - say once a day at midnight - to clear these files out.  Unfortunately it'll still leave temp files around during the day.

A simple batch script would do the trick:
pushd C:\SharedDocs\RestrictedFolder
Del /f /s /q *.tmp
popd

Open in new window


0
 
LVL 10

Expert Comment

by:pjasnos
ID: 35088676
If someone has modification privileges to a given file, they effectively delete it by just emptying the file or filling it with zeros, so I would stronly suggest making that directory read-only for that user.
If you want to have a solution which gets rid of temp files while still having the files writeable would be to use something alike UnionFS in Linux. There's an application called WinUnionFS which implements the re-direction of any write requests to a read-only directory to a different directory - you can modify it to instead re-direct any creations/writes to tmp files based on their names, but you obviously need a litttle programming experience in C/C++. All the heavy-lifting of kernel-mode filesystem filter drivers is handled by Dokan library, meaning that you don't need to be an experienced programmer to make this work.
http://code.google.com/p/winunionfs/

Note: You cannot use Windows 7 Libraries for this, as they are shell objects and therefore most applications would still create temp files in your directory.

Also, depending what application is it, you can perhaps try re-configuring it to store it's temp files elsewhere?
0
 
LVL 3

Expert Comment

by:Dave4125
ID: 35089463
This user is supposed to be able to edit the documents, just not delete them entirely?
0

Featured Post

Improved Protection from Phishing Attacks

WatchGuard DNSWatch reduces malware infections by detecting and blocking malicious DNS requests, improving your ability to protect employees from phishing attacks. Learn more about our newest service included in Total Security Suite today!

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
An Incident response plan is an organized approach to addressing and managing an incident. The goal is to handle the situation in a way that limits damage and reduces recovery time and costs.
This Micro Tutorial will teach you how to change your appearance and customize your Windows 7 interface to your unique preference. This will be demonstrated using Windows 7 operating system.
The viewer will learn how to successfully download and install the SARDU utility on Windows 7, without downloading adware.

595 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question