?
Solved

Preveng Delete on Shares

Posted on 2013-06-17
10
Medium Priority
?
183 Views
Last Modified: 2013-07-03
Hello......how can I prevent users on deleting files on a shared folder in Windows Server 2008?

OS: Windows Server 2008 R2
0
Comment
Question by:CCS-IT
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
  • 2
10 Comments
 
LVL 56

Accepted Solution

by:
McKnife earned 1500 total points
ID: 39254761
This cannot be answered as we don't know how the share is being used.
Example: you keep office documents there. When users open, edit and then close documents on that (now "non-delete-") share, office will throw errors because it would no longer be able to delete temporary files... which are indeed placed right there where the original document lives - not practicable.
0
 

Author Comment

by:CCS-IT
ID: 39254959
McKnife,

Only users authenticated through Active Directory can access the shares, which resides on the Win 2008 server. I hope this helps.

Thank you.
0
 
LVL 82

Expert Comment

by:David Johnson, CD, MVP
ID: 39255093
remove the modify and delete NTFS permissions BUT if a user opens a Microsoft Office Document the program creates a temporary file and when you save it or exit the program even with NO changes the original file is deleted and the temporary file is renamed to the original file
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 56

Expert Comment

by:McKnife
ID: 39255566
CCS-IT, you miss my point. Please tell us if you keep office documents there or not. if not, make sure there are no other doc types in there that create temporary files right on the share on opening.
BECAUSE if they did, you simply cannot use a "non-delete-share".
0
 

Author Comment

by:CCS-IT
ID: 39258050
McKnife, yes there are various doc types in the shared folders.  My simple goal is to prevent a user from deleting a sub-folder files in the sub-folder on the share.
0
 
LVL 56

Expert Comment

by:McKnife
ID: 39258059
> My simple goal is to prevent a user from deleting a sub-folder files in the sub-folder on the share - yes, that was easy to guess.
> there are various doc types in the shared folders - that was not the question. Question was: do these "doc types" generate temporary files on the share the doc resides on when opening? This has to be tested.
0
 

Author Comment

by:CCS-IT
ID: 39260769
I apologize McKnife for not understanding your question at first, How do I test if "these "doc types" generate temporary files on the share the doc resides on when opening"?  Or where do I look for these temp files to appear when I open one of the docs?
0
 
LVL 56

Expert Comment

by:McKnife
ID: 39261646
This has to be tested. Copy the share or parts of it, modify the ACLs so that deleting is denied and try to open and close all relevant file types. [these temp files, as mentioned, would appear right at the place where the document itself lies, they might be hidden in explorer, if your view settings don't display hidden files, you won't see those - take word docs for example, they create such temp files, having the same ending (.doc/.docx) but a prefix ~$ .
0
 

Author Comment

by:CCS-IT
ID: 39266691
McKnife, when I open excel and word documents, I don't see the temp files.  But I tested under another user and was able to see the temp files. Is it possible for me to prevent delete if this is happening?
0
 
LVL 82

Expert Comment

by:David Johnson, CD, MVP
ID: 39267217
We have been telling you repeatedly that NO it is NOT possible.

What you can do is set up a directory structure and permissions  i.e.
sales -  (manager has complete permissions  read/write/modify/delete
--- accepted documents -- manager read/write/modify/delete  sales dept users only
                                            READ   and or READ/WRITE requires manager to modify/delete
---  pending
          -- user1  only manager and user have access to this folder (read/write/modify) others
                          just read access
          -- user 2   ditto above
          --  user 3   dito above
--- sales group shared -- all have read/write/modify delete

The manager can move documents up the tree but once they are committed the sales team only has read access and if they want to save a new version the older one can only be overwritten by the manager and can only be saved in their OWN or the Group Folder
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many admins will agree: WSUS is is a nice invention but using it on the client side when updating a newly installed computer is still time consuming as you have to do several reboots and furthermore, the procedure of installing updates, rebooting an…
Citrix XenApp, Internet Explorer 11 set to Enterprise Mode and using central hosted sites.xml file.
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

764 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question