Announcement

Collapse
No announcement yet.

NTFS permissions behaving strange

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • NTFS permissions behaving strange

    Hello, and First off I am not sure if this is the correct area, but itís for a SBS server, and I was unable to find a NTFS forum.

    I need to create a folder on a SBS 2003 server that users are able to Create, Rename, Copy and Modify, but not Delete the files on a shared folder. This is to store an archive of scanned PDF files, and we want to remove the option of a file being deleted by a employee.

    Sounds nice and simple, but here is the catch; when you set the permissions right, it works till you try to save a new file. When you try that, it seems to create the file first then asks if you want to replace the file, not a desired outcome.

    I have tried too many configurations of the NTFS and share permissions to remember them all, but any that get the desired outcomes have the same problem.

    I can not explain why this is happening, or find a way around this. Such a simple thing and its starting to make me feel as simple as the task at hand.

    Failing this, I have to try and sell them a sharepoint server.

    Wofen
    Last edited by Wofen; 14th April 2010, 00:45. Reason: Try and make abetter subject line
    Good to be back....

  • #2
    Re: NTFS permissions to stop users deleting files; creates .tmp files and asks to ovr

    What permissions have you set -- from memory, write, but not modify, permission will do most of it
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    PhD, MSc, FIAP, MIITT
    IT Trainer / Consultant
    Ossian Ltd
    Scotland

    ** Remember to give credit where credit is due and leave reputation points where appropriate **

    Comment


    • #3
      Re: NTFS permissions to stop users deleting files; creates .tmp files and asks to ovr

      Originally posted by Ossian View Post
      What permissions have you set -- from memory, write, but not modify, permission will do most of it
      If you use those settings, its the correct premissions but when you try to save a file there, with a unique name, it asks if you want to overwrite it, and also creates a tmp file, which never goes away till you come in and delete it with someone with premissions.

      The tmp files are not that bad, but asking a user every single time to replace a file when they want to save will end up with alot of files over written and lost.

      Simple test to see what I mean, set premissions to write and list contents, open notepad and save a file to the folder. It will ask you to over write a file, a txt file with the name of your file appers, and a tmp file.

      Wofen
      Good to be back....

      Comment


      • #4
        Re: NTFS permissions behaving strange

        I think the requirement to create and modify (but not delete) is fundamentally flawed. To "effectively" delete a file, a malicious user could simply overwrite it with a blank file. It is the creation of temporary files that is getting in the way, and since the user is not allowed to delete these temporary files, problems happen.

        I tried to do a similar thing in a school to stop kids deleting each other's work, but realised they only had to overwrite with ablank file to achieve the same malicious objective.

        I think that you will need a free-for-all folder where users can do anything, and then a readonly folder where a manager can move files from the free-for-all folder into the readonly folder so that noone else can delete them (or overwrite them)
        Best wishes,
        PaulH.
        MCP:Server 2003; MCITP:Server 2008; MCTS: SBS2008

        Comment


        • #5
          Re: NTFS permissions behaving strange

          Although it doesn't solve the overwriting with blank files problem, you could set up a batch file run from task scheduler that clears out temporary files.

          The only way you can prevent the overwriting with blank files is to remove the modify permissions and have users save revisions with filename_01 _02 etc.

          Comment


          • #6
            Re: NTFS permissions behaving strange

            Originally posted by PaulH View Post
            I think the requirement to create and modify (but not delete) is fundamentally flawed. To "effectively" delete a file, a malicious user could simply overwrite it with a blank file. It is the creation of temporary files that is getting in the way, and since the user is not allowed to delete these temporary files, problems happen.
            I did raise that point, but the objective here is more to stop users deleting file by mistake. There are backups for when we know files have been deleted or replaced (in the case of someone getting fired ect). Its when a File is deleted and not found out for a few months, thats the problem.

            The Biggest problem is the fact it asks you to overwrite, when saving a new document into a empty folder. With the aim of tring to reduce overwrite/delete mistakes, getting the user to ignore that warning is a step in the wrong direction.


            Originally posted by PaulH View Post
            I think that you will need a free-for-all folder where users can do anything, and then a readonly folder where a manager can move files from the free-for-all folder into the readonly folder so that noone else can delete them (or overwrite them)
            This is the system currently in place, sadly the managers do not regulate it well enough.

            I believe using just NTFS to try and reach this goal is too limiting, so I am going to look into other file management systems for the client, but I would like to know why this is happening. Its almost like the user does not have the premissions to create the file, so the system has to and just lets the user modifiy it.

            Wofen
            Good to be back....

            Comment

            Working...
            X