Daniel Booker
asked on
Prevent file move/copy outside of a share folder?
I am looking for a way to prevent users from either moving or copying files outside of the share folder / mapped drive location. If they want to copy or move files anywhere inside the share folder / mapped drive that is fine, but outside like to their desktop or thumb drive I want to prevent (keeping data on the server).
Nothing that is native to Windows. You would have to take away their delete rights but to be able to move files from withing the folder to sub folders would requite that.
it seems to me you need a data loss prevention (DLP) solution.
ASKER
Lockdown32 i've looked down that path. The problem is users are constantly updating jobs and are required to move them to different folders upon quoting the job and completion.
Jorge, DLP could be what I want. Typically though with DLP doesn't this just mark a file to not be move/deleted/shared whereas the users will have to be able to do these things?
Jorge, DLP could be what I want. Typically though with DLP doesn't this just mark a file to not be move/deleted/shared whereas the users will have to be able to do these things?
Yes. I don't think anything native to Windows will help. Some third party DLP should work but I do not know of any.
This is a question that comes up every now and then. First look at the routes that you can use to get data out: mail, internet upload, external media, folders on your local PC. To solve it, none if that may be writable or even exist. Is that possible? Hardly.
You can look into internet traffic, into mail attachments, you can monitor what is being written to local folders or even external media using auditing or various techniques of content inspection.
But unless you are really good, and I mean it, I mean high security, it is not really a goal you can reach.
So what people normally do to "solve" this is to make it harder for users to miss the routes they should go. So they define default paths for programs to save to, they relocate folders to the server, they map drives, they take away write permissions for the desktop, they remove the permission to create subfloders on c: - that are things you could do.
You can look into internet traffic, into mail attachments, you can monitor what is being written to local folders or even external media using auditing or various techniques of content inspection.
But unless you are really good, and I mean it, I mean high security, it is not really a goal you can reach.
So what people normally do to "solve" this is to make it harder for users to miss the routes they should go. So they define default paths for programs to save to, they relocate folders to the server, they map drives, they take away write permissions for the desktop, they remove the permission to create subfloders on c: - that are things you could do.
ASKER
Yeah, I did not think this might be something easily done... But things change just wanted to make sure there was not some new toy out there that could easily do this.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.