[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Users accidentally deleting or moving folders on our file servers via Windows Explore drag-n-drop

Posted on 2012-08-13
4
Medium Priority
?
4,046 Views
Last Modified: 2012-09-17
We have a regular problem with network users accidentally moving or deleting folders on our file servers via Windows Explorer drag-n-drop. Finding and/or recovering the folders becomes a daily headache for users and  IT staff.

On our new file server (“FS01”), we would like to set the directory permissions using some form of “best practices”.

The share on our new file server that users will  map the H: drive to:  \\FS01\Files

Directory Structure:
E:\Shares\Files\0001
E:\Shares\Files\0002
E:\Shares\Files\0003
E:\Shares\Files\0004
E:\Shares\Files\0005
Etc, etc, etc.

The folders (00001 – 0005) are our mission critical folders. Each of these folders contain additional subfolders and files.

We would like to prevent users from moving/deleting/renaming folders at the 0001 parent folder level - but - still be able to work freely (moving/deleting/renaming objects) within the child subfolders.

Any suggestions on how best to set the Share and NTFS access permissions to meet these requirements? This should prevent users accidentally moving or deleting folders on our file servers via Windows Explore drag-n-drop.

Thank you.
0
Comment
Question by:GoodEnoughThen
4 Comments
 
LVL 13

Assisted Solution

by:xDUCKx
xDUCKx earned 375 total points
ID: 38289665
Permissions flow like a waterfall.  The permissions flow from parent to child, until there is a change.

Determine what you want from the root level (H: Drive) and then "Break" or change the permissions when you hit the 0001 level.  This might be an administrative nightmare as if more "000" folders are added you'll need to update the permissions accordingly.

On a personal note:  File shares are an archaic technology.  I personally look for a document management solution to manage files specifically for this reason.  Users tend to not know what the latest version of a file is, there's copies of it everywhere and people are deleting/changing things all the time.  I usually look into a SharePoint (Free) solution and migrate the data from file shares to a web based interface that is easily used.  File shares should be used for large files (installs or ISO's) that don't make sense in a document management solution.
0
 
LVL 17

Assisted Solution

by:Brad Bouchard
Brad Bouchard earned 375 total points
ID: 38289712
Try setting the most minimal permissions possible for them to get what they need done.  Give them "list folder contents" on all the top level folders, and then give them higher permissions progressively in each sub folder.  Also, try turning on Shadow Copies so you can go backwards if you need to if someone deletes or removes/renames something that way you don't have to go perusing through your backup everytime that happens.

http://technet.microsoft.com/en-us/library/cc785914(v=ws.10).aspx
0
 
LVL 57

Assisted Solution

by:McKnife
McKnife earned 375 total points
ID: 38289727
Hi.
Also look at this: http://www.sw2go.nl/DDIntercept/index.htm - drag'n'drop interceptor.
0
 
LVL 4

Accepted Solution

by:
Pancake_Effect earned 375 total points
ID: 38289739
I re-did our entire facilities a year back. Essentially I set it up like this:

Network Files (share this folder)> Departments > Department Name > Folders in department

Basically give only read rights all the way down to Department name. Disable inheritance for the security settings for the department folders to what you would like.

Make security groups for each department, give access only to those in that department.

For the folders in the departments, if there are any folders that need to be separate from the rest of the users, give only access to those users.


The main thing is there is a setting on the server in the file view settings, where you can set it to hide folders users don't have rights too. With that, and giving parent folders only read rights, you can completely eliminate people accidentally deleting the folders.
0

Featured Post

Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Here's a look at newsworthy articles and community happenings during the last month.
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
Suggested Courses

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question