Solved

Preveng Delete on Shares

Posted on 2013-06-17
10
166 Views
Last Modified: 2013-07-03
Hello......how can I prevent users on deleting files on a shared folder in Windows Server 2008?

OS: Windows Server 2008 R2
0
Comment
Question by:CCS-IT
  • 4
  • 4
  • 2
10 Comments
 
LVL 53

Accepted Solution

by:
McKnife earned 500 total points
Comment Utility
This cannot be answered as we don't know how the share is being used.
Example: you keep office documents there. When users open, edit and then close documents on that (now "non-delete-") share, office will throw errors because it would no longer be able to delete temporary files... which are indeed placed right there where the original document lives - not practicable.
0
 

Author Comment

by:CCS-IT
Comment Utility
McKnife,

Only users authenticated through Active Directory can access the shares, which resides on the Win 2008 server. I hope this helps.

Thank you.
0
 
LVL 78

Expert Comment

by:David Johnson, CD, MVP
Comment Utility
remove the modify and delete NTFS permissions BUT if a user opens a Microsoft Office Document the program creates a temporary file and when you save it or exit the program even with NO changes the original file is deleted and the temporary file is renamed to the original file
0
 
LVL 53

Expert Comment

by:McKnife
Comment Utility
CCS-IT, you miss my point. Please tell us if you keep office documents there or not. if not, make sure there are no other doc types in there that create temporary files right on the share on opening.
BECAUSE if they did, you simply cannot use a "non-delete-share".
0
 

Author Comment

by:CCS-IT
Comment Utility
McKnife, yes there are various doc types in the shared folders.  My simple goal is to prevent a user from deleting a sub-folder files in the sub-folder on the share.
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 
LVL 53

Expert Comment

by:McKnife
Comment Utility
> My simple goal is to prevent a user from deleting a sub-folder files in the sub-folder on the share - yes, that was easy to guess.
> there are various doc types in the shared folders - that was not the question. Question was: do these "doc types" generate temporary files on the share the doc resides on when opening? This has to be tested.
0
 

Author Comment

by:CCS-IT
Comment Utility
I apologize McKnife for not understanding your question at first, How do I test if "these "doc types" generate temporary files on the share the doc resides on when opening"?  Or where do I look for these temp files to appear when I open one of the docs?
0
 
LVL 53

Expert Comment

by:McKnife
Comment Utility
This has to be tested. Copy the share or parts of it, modify the ACLs so that deleting is denied and try to open and close all relevant file types. [these temp files, as mentioned, would appear right at the place where the document itself lies, they might be hidden in explorer, if your view settings don't display hidden files, you won't see those - take word docs for example, they create such temp files, having the same ending (.doc/.docx) but a prefix ~$ .
0
 

Author Comment

by:CCS-IT
Comment Utility
McKnife, when I open excel and word documents, I don't see the temp files.  But I tested under another user and was able to see the temp files. Is it possible for me to prevent delete if this is happening?
0
 
LVL 78

Expert Comment

by:David Johnson, CD, MVP
Comment Utility
We have been telling you repeatedly that NO it is NOT possible.

What you can do is set up a directory structure and permissions  i.e.
sales -  (manager has complete permissions  read/write/modify/delete
--- accepted documents -- manager read/write/modify/delete  sales dept users only
                                            READ   and or READ/WRITE requires manager to modify/delete
---  pending
          -- user1  only manager and user have access to this folder (read/write/modify) others
                          just read access
          -- user 2   ditto above
          --  user 3   dito above
--- sales group shared -- all have read/write/modify delete

The manager can move documents up the tree but once they are committed the sales team only has read access and if they want to save a new version the older one can only be overwritten by the manager and can only be saved in their OWN or the Group Folder
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

by Nathan Brom/Bromy2004 Introduction There are numerous websites out there for any different type of program you can imagine.  Of those, you'll need to decide which ones are legitimate and aren't trying to steal your money or infect your comput…
The password reset disk is often mentioned as the best solution to deal with the lost Windows password problem. In Windows 2008, 7, Vista and XP, a password reset disk can be easily created. But besides Windows 7/Vista/XP, Windows Server 2008 and ot…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now