Prevent file deletion on Win 2008 network
Posted on 2014-10-02
I believe this question has been asked many times before, but I would like to see if there is any new development from Microsoft regarding this.
We are running a Win 2008 R2 domain. On our file server everyone has full access to all data folders/files, as they have mapped drives on their own PCs.
Because they are files stored on network recycle bin doesn't work (unless someone can tell me otherwise). Not even a deletion warning message (like your own Win 7 PCs) is displayed on deletion. So it is fairly easy for user(s) to accidentally delete file(s) on the network drive.
We would like to implement NTFS permissions to prevent this to happen. We did by setting everyone to have "special" permissions (Read/Create/Write attributes etc) without the permission to DELETE. It works well with .txt files, that users can create and edit but they can't delete. However it doesn't work so well with Word and Excel documents.
Users can open Word or Excel document but they can't SAVE (which means edition no point!). From my understanding, when user tries to save a Word or Excel file a .TMP file has been created by the system (for lock?). When the SAVE is successful the .TMP will be removed automatically. However in my case, the system restricts user to remove the .TMP file (user do NOT have delete permission!) hence saving is not permitted. When I check the server, there are lots of .TMP files been created, probably one for each SAVE attempt.
Now, does anyone know a work around in Windows system to allow such to happen. What I want to achieve is, on those network folders user to be permitted to create/edit/save(!) but not delete.
Much appreciated for your help.