No announcement yet.

Restricting certain actions within a share

  • Filter
  • Time
  • Show
Clear All
new posts

  • Restricting certain actions within a share

    We have a shared folder on a 2003 server. This share has HUNDREDS of sub-folders and files. The domain users need to be able to create new files and folders, as well as modify said files and folders.
    The issue is... some of the less savvy users have been dragging folders to unknown places, deleting folders, etc. Not good.
    Ideally... Id like them to be able to create and modify files/folders, but NOTHING else; especially copy, move, and delete. In the share permissions, I can easily remove the DELETE flag, but the rest is a bit hazy. It would seem, that removing the DELETE flag, would also negate MOVING.
    I tried removing the DELETE flag, as well as FULL CONTROL. This resulted in the users not being able to open anything. So... Im back to square one. Given the share contains hundreds of gigabytes of data, making the changes is slow. Id like to stop "guessing" at this point.
    Any thoughts would be appreciated.


  • #2
    Re: Restricting certain actions within a share

    You need the same permissions to create and edit files as are used to move data from one location to another.

    How about some staff training? Try to encourage them to right-click+drag. That will display a menu allowing them to choose what to do with the folders/files.

    However, if you are referring to accidental dragging and dropping then perhaps the users need to change their mouse settings so they are more robust. Having said that it is not possible to stop this entirely. Last week one of our staff accidentally dragged over 130GB of data from one place to another just before they left work. Came to work the next morning and it had apparently disappeared, much to the consternation of everyone else
    A recent poll suggests that 6 out of 7 dwarfs are not happy


    • #3
      Re: Restricting certain actions within a share

      Firstly, create a test folder and use that for testing- don't use the live folder. I did a search in Google on "stop user from copy, move, and delete folders" and there are some good suggestions there.

      Note that what you require needs a mixture of ACLs on the folders and also, if you deny Delete to a user then they can not save Office files as Office creates temp files which are then renamed to the user's choice and automatically deleted once saved.
      Last edited by JDMils; 31st May 2010, 13:29.
      +-- JDMils
      +-- Regional Systems Engineer, DotNet programmer & Jack of all trades