zimbra1510
asked on
Lock Down Top Level Folders
In my file structure I have a share/mapped network drive that contains all of my companies clients. There are thousands of folders at this Top Level. Problem is people drag and drop client folders into other client folders without realizing what they are doing and it goes unnoticed until somebody can't find the missing client or somebody notices an extra client inside another clients folder.
Does anybody know how to prevent accidental drag and drop or how to have a select user group be able to create new folders and delete at the client folder level and restrict all others from creating, moving, and deleting client folders. I need others to be able to create, delete, modify files and folders inside the client folder..
Does anybody know how to prevent accidental drag and drop or how to have a select user group be able to create new folders and delete at the client folder level and restrict all others from creating, moving, and deleting client folders. I need others to be able to create, delete, modify files and folders inside the client folder..
This is no simple task...and the best resource for understanding this topic is here http://technet.microsoft.com/en-us/library/cc770962.aspx Getting to where you want to be could take literally a couple of hours of experimenting. And not typically something you can do typing back and forth in a forum setting.
I would take one folder and experiment with that...when you get it the way you want it, you can do that to the rest of the folders.
I would take one folder and experiment with that...when you get it the way you want it, you can do that to the rest of the folders.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Yes Yo_bee I am looking for something exactly like that. I have been able almost make it work but the Client A, Client B, etc folders have still been able to be dragged and dropped or even cut an pasted into other folders.
I haven't tried the DFS namespace that kevinhsieh is referring to, but I think that sounds like the best way to go. I will look more into namespaces. Kevin do you have any more information you can share with me?
I haven't tried the DFS namespace that kevinhsieh is referring to, but I think that sounds like the best way to go. I will look more into namespaces. Kevin do you have any more information you can share with me?
Are you setting Client's folder to inheriate the rights, This should not be.
To get this to work I can only see it work like the way I am listing below.
If someone finds a better method please let me know.
You will need to build a hierarchy
Client > Client A > Data
Client > Domain Users (RO)
| Client A > Domain Users (RO)
| Data > Domain Users (RW)
This scrutcute will prevent users from creating Items in the Client A folder.
As stated by Kevin this is a massive admin nightmare.
To get this to work I can only see it work like the way I am listing below.
If someone finds a better method please let me know.
You will need to build a hierarchy
Client > Client A > Data
Client > Domain Users (RO)
| Client A > Domain Users (RO)
| Data > Domain Users (RW)
This scrutcute will prevent users from creating Items in the Client A folder.
As stated by Kevin this is a massive admin nightmare.
ASKER
I have tried the setup that you are picturing above, and it almost works. If I user tries to drag and drop the contents of the folder are copied but the client folder remains because it cannot be deleted.
Is this on the Client A folder or the sub-directory of the Client A --> the Client A folder?
ASKER
The Client A folder and Sub directory can be copied into Client B as a subdirectory, but when Client A folder is to be deleted it errors, but the contents have already been moved. This is not what I want.
You need to create a sub-directory in Client A, Client B and so on.
Clients and Client <Name> folders will have only read rights for domain users.
The sub-directory (for converstation purposes will be called DATA) will have Read and Write rights.
The Read-Only on the Client <Name> directory will restrict the users from adding anything to the Client <Name> folder, but can do what they need to in the DATA folder.
Does that make sense.
Clients and Client <Name> folders will have only read rights for domain users.
The sub-directory (for converstation purposes will be called DATA) will have Read and Write rights.
The Read-Only on the Client <Name> directory will restrict the users from adding anything to the Client <Name> folder, but can do what they need to in the DATA folder.
Does that make sense.
ASKER
I already have subfolders set up under each client folder. I think what you're saying may work, but will have to experiment.
So your Root > Sub-Dir > Sub-Sub-Direct.
the first two level should be Read-Only and the third level and down should have Read-Write.
the first two level should be Read-Only and the third level and down should have Read-Write.
Parent Folder: Read only
|
Client A folder : Read only
|
Sub-Client A: Read,Write,Create, Delete
Client B Folder : Read Only
|
Sub-Client B: Read,Write,Create, Delete