[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

How can I prevent users from renaming a folder?

Posted on 2012-03-28
7
Medium Priority
?
3,309 Views
Last Modified: 2012-06-27
Hi,

I am looking for a solution where I can prevent users from renaming a folder name. I don't mind if the folder gets deleted because I trust that the users know what the folder is for and won't delete it, plus I already know how to prevent it from being deleted.

The folder is hard-coded on a fax machine which sends scanned documents to this location. If it is renamed, then the scanning process will not work.

I just want to know how to control folder renaming on its own. Users should still be able to read/write/delete folders and files as normal.

I hope I have provided enough information on the problem, but feel free to ask for more on this.
0
Comment
Question by:stvmph
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 

Author Comment

by:stvmph
ID: 37779923
I have looked at other topics but they don't give me the answer I am looking for.
0
 
LVL 21

Assisted Solution

by:motnahp00
motnahp00 earned 400 total points
ID: 37779955
If a user has read and write permissions on your top level folder, the can pretty much do what they want. Why not use a group policy to create a folder with a specified name at logon? So if the user renames the folder, it will always be recreated.

User Configuration -> Preferences -> Windows Settings -> Folders
0
 
LVL 7

Assisted Solution

by:lucifer82
lucifer82 earned 800 total points
ID: 37780036
Hi stvmph,

I have a potential solution for you as I do this practise when I setup new sites all the time.

1. Each user will have their own folder so eg.

User_Folders (root)
- User1 < this folder name should be same with username for user 1
- User 2 < this folder name should be same with username for user 2

2. You create service account that your MFD will use to scan eg. scanner

3. This scanner user has full rights to each folders, you than make sure that each user folders is only accessable by administrator, scanner and the user who needs to access they can all have full rights.

4. This is the trick part you create the "User_Folders" as hidden share with "Everyone" with full control. As for the security rights on this folder it should be:

CREATOR OWNER - FULL
SYSTEM - FULL
Scanner - Modify
Administrators - FULL
Users - Read Only

5. Once that's done first verify that you can still scan to the folder.
6. After the verification you create a mapped drive policy to map drive "S" to each user by their username.

eg. \\YOURSERVER\User_Folders$\%USERNAME%\

*YOURSERVER < this is hostname or ip address of your file server
*$ sign at the end of the share name means it's hidden share
*%USERNAME% < This automatically works out your username this is used

This way user doesn't get to browse the upper layer in order to delete this folder, instead they only have mapped drive with all of their scan items.
0
NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

 
LVL 28

Assisted Solution

by:Run5k
Run5k earned 400 total points
ID: 37780043
The simple solution would be to ensure that your people are Standard users, and then modify the NTFS permissions on the folder so that only System account and the Administrators group have full control.  In contrast, Users and Authenticated users can have Read & execute, List folder contents, and Read permissions.
0
 
LVL 4

Assisted Solution

by:Praveenraj04
Praveenraj04 earned 400 total points
ID: 37780399
Hi Friend,

There is a option in NTFS Permission in Advanced Tab to Uncheck the Modify Option.

Please check the below link for more infomation:

http://www.windowsecurity.com/articles/Understanding-Windows-NTFS-Permissions.html

Enable the Allow for the Following
Read & Execute
Read
Write
and Make sure MODIFY is unchecked for Allow and Deny leave it blank and you should be good.

Please check and revert to me if you have any queries.

Thanks,
P. Praveen Raj
0
 

Accepted Solution

by:
stvmph earned 0 total points
ID: 37784968
I have figured out what the problem is to this was. Let me paint a picture for you. The FTP server that the scanner can connect to is pointed at the P drive. There are already heaps of folders in P drive.

In the permissions for P drive, the "Everyone" group/user is set to Full Control. Therefore, all users are able to rename the scanner folder I was trying to prevent from being renamed.

However, I did make a subfolder within the scanner folder which I pointed the scanner to scan to directly. And through testing with a generic user account, I managed to prevent this folder from being renamed using permissions.

Now I know that if the upper level folder gets renamed, the problem still exists, but at least I know now how to prevent renaming.

Here's what I did. Let's say the directory is: P:\scanner\scans and there is a "Sales" security group.

In the scanner folder, I went to "Advanced", "Change Permissions", and unticked "Include inheritable permissions from the object's parent". I added in the IT group and the scanner user with "Full Control" access.

I then added the "Sales" group in twice. The first time I added them in was with "Traverse folder / execute file" and "List folder / read data" for "This folder only". The second time I added them in was with read/write/delete for "Subfolders and files only".

I tested with a generic account in the "Sales" group and they were unable to rename the "scans" folder and everything within the "scanner" folder. But inside the "scans" folder, they can do whatever they want.

I have found the solution even though the problem still exists, but that is not something we're willing to look at at this stage. As far as points go, all of you had various ideas that got to me my final solution but not exactly what I ended up doing.

motnahp00, you made me realise my P drive had full control set.
lucifer82, you had a near perfect solution however users already have P drive mapped so I couldn't hide it from them
Run5k, you had the right idea but I needed write permissions for the standard users as well
Praveenraj04, you were on the right track but it wasn't as simple as that.

I'm going to split the points accordingly amongst all of you.

Thanks for the help.
0
 

Author Closing Comment

by:stvmph
ID: 37800061
I didn't get the full solution from the other experts but good hints.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you get continual lockouts after changing your Active Directory password, there are several possible reasons.  Two of the most common are using other devices to access your email and stored passwords in the credential manager of windows.
OfficeMate Freezes on login or does not load after login credentials are input.
This Micro Tutorial will give you a introduction in two parts how to utilize Windows Live Movie Maker to its maximum editing capability. This will be demonstrated using Windows Live Movie Maker on Windows 7 operating system.
This Micro Tutorial will give you a basic overview of Windows Live Photo Gallery and show you various editing filters and touches to photos you can apply. This will be demonstrated using Windows Live Photo Gallery on Windows 7 operating system.
Suggested Courses

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question