Solved

Prevent users from moving/deleting folders on a 2008 file server

Posted on 2013-01-04
3
917 Views
Last Modified: 2013-01-16
Some of my users are a bit careless and accidentally drag/move folders to other locations on the file server. And there is the occasional deletion of folder trees.

Is there a simple way to keep users from moving or deleting folders?  There is seldom a need for a user to delete a folder.

Basically I'd like to set the permissions of the folder object to prevent a user from moving/deleting it, yet allow Modify access to the files within the folders.

- It's OK if users create new folders, but not delete them, or at least not delte those created by other users.  
- Users need Modify rights to the files in folders to create/view/edit/delete files.
- Domain Admins need to maintain rights to modify the folders.  

I looked through Advanced Permissions, but folder and file deletion seem bound to each other (Delete Subfolders and Files).

I have 500 users, The file server is running Server 2008 R2 Enterprise SP2. There is one share (GROUPS) with with numerous folders beneath (SALES, MARKETING, AP...) which each have different NTFS permissions set on them.
0
Comment
Question by:Justin S.
  • 2
3 Comments
 
LVL 28

Expert Comment

by:jhyiesla
ID: 38743843
Yeah, I think you've pretty much answered your own question. MS has never had real granular permissions on files vs folders and the Advanced section is where I would have sent you, but you're right, files and folders are linked together.

We have this same problem, although it's not real bad and we basically just have to have a good back up of the server and be able to restore things that get deleted.
0
 

Author Comment

by:Justin S.
ID: 38744160
Perhaps. Maybe something in Group Policy or some magical reg edit? I'm hoping to be surprised...
0
 
LVL 28

Accepted Solution

by:
jhyiesla earned 500 total points
ID: 38744516
Although I don't know by heart all the registry keys or GPO settings, I'd not suspect you'd find something there. These tend to operate at the macro level meaning that you are changing things globally and not microscopically at the file or folder level. I can changes desktop behavior, but not the specifics of what's on the desktop, for example.
0

Featured Post

Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

Join & Write a Comment

Have you considered what group policies are backwards and forwards compatible? Windows Active Directory servers and clients use group policy templates to deploy sets of policies within your domain. But, there is a catch to deploying policies. The…
As a long-time IT Professional, the most important skill I have developed and consider to be my most valuable tool is Effective Troubleshooting. Step through my problem-solving procedure in this 10-step guide adapted from The Universal Troubleshooti…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
This video demonstrates how to create an example email signature rule for a department in a company using CodeTwo Exchange Rules. The signature will be inserted beneath users' latest emails in conversations and will be displayed in users' Sent Items…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now