Solved

Preveng Delete on Shares

Posted on 2013-06-17
10
174 Views
Last Modified: 2013-07-03
Hello......how can I prevent users on deleting files on a shared folder in Windows Server 2008?

OS: Windows Server 2008 R2
0
Comment
Question by:CCS-IT
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
  • 2
10 Comments
 
LVL 54

Accepted Solution

by:
McKnife earned 500 total points
ID: 39254761
This cannot be answered as we don't know how the share is being used.
Example: you keep office documents there. When users open, edit and then close documents on that (now "non-delete-") share, office will throw errors because it would no longer be able to delete temporary files... which are indeed placed right there where the original document lives - not practicable.
0
 

Author Comment

by:CCS-IT
ID: 39254959
McKnife,

Only users authenticated through Active Directory can access the shares, which resides on the Win 2008 server. I hope this helps.

Thank you.
0
 
LVL 80

Expert Comment

by:David Johnson, CD, MVP
ID: 39255093
remove the modify and delete NTFS permissions BUT if a user opens a Microsoft Office Document the program creates a temporary file and when you save it or exit the program even with NO changes the original file is deleted and the temporary file is renamed to the original file
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 54

Expert Comment

by:McKnife
ID: 39255566
CCS-IT, you miss my point. Please tell us if you keep office documents there or not. if not, make sure there are no other doc types in there that create temporary files right on the share on opening.
BECAUSE if they did, you simply cannot use a "non-delete-share".
0
 

Author Comment

by:CCS-IT
ID: 39258050
McKnife, yes there are various doc types in the shared folders.  My simple goal is to prevent a user from deleting a sub-folder files in the sub-folder on the share.
0
 
LVL 54

Expert Comment

by:McKnife
ID: 39258059
> My simple goal is to prevent a user from deleting a sub-folder files in the sub-folder on the share - yes, that was easy to guess.
> there are various doc types in the shared folders - that was not the question. Question was: do these "doc types" generate temporary files on the share the doc resides on when opening? This has to be tested.
0
 

Author Comment

by:CCS-IT
ID: 39260769
I apologize McKnife for not understanding your question at first, How do I test if "these "doc types" generate temporary files on the share the doc resides on when opening"?  Or where do I look for these temp files to appear when I open one of the docs?
0
 
LVL 54

Expert Comment

by:McKnife
ID: 39261646
This has to be tested. Copy the share or parts of it, modify the ACLs so that deleting is denied and try to open and close all relevant file types. [these temp files, as mentioned, would appear right at the place where the document itself lies, they might be hidden in explorer, if your view settings don't display hidden files, you won't see those - take word docs for example, they create such temp files, having the same ending (.doc/.docx) but a prefix ~$ .
0
 

Author Comment

by:CCS-IT
ID: 39266691
McKnife, when I open excel and word documents, I don't see the temp files.  But I tested under another user and was able to see the temp files. Is it possible for me to prevent delete if this is happening?
0
 
LVL 80

Expert Comment

by:David Johnson, CD, MVP
ID: 39267217
We have been telling you repeatedly that NO it is NOT possible.

What you can do is set up a directory structure and permissions  i.e.
sales -  (manager has complete permissions  read/write/modify/delete
--- accepted documents -- manager read/write/modify/delete  sales dept users only
                                            READ   and or READ/WRITE requires manager to modify/delete
---  pending
          -- user1  only manager and user have access to this folder (read/write/modify) others
                          just read access
          -- user 2   ditto above
          --  user 3   dito above
--- sales group shared -- all have read/write/modify delete

The manager can move documents up the tree but once they are committed the sales team only has read access and if they want to save a new version the older one can only be overwritten by the manager and can only be saved in their OWN or the Group Folder
0

Featured Post

Easy, flexible multimedia distribution & control

Coming soon!  Ideal for large-scale A/V applications, ATEN's VM3200 Modular Matrix Switch is an all-in-one solution that simplifies video wall integration. Easily customize display layouts to see what you want, how you want it in 4k.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many times while working on a computer regardless of any Operating System, lag and crashes seem to creep in, hindering your working speed. Sometimes, it can also cause your work to be lost unexpectedly and as a result, you are unable to meet your de…
The password reset disk is often mentioned as the best solution to deal with the lost Windows password problem. In Windows 2008, 7, Vista and XP, a password reset disk can be easily created. But besides Windows 7/Vista/XP, Windows Server 2008 and ot…
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …

735 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question