I have already created the group and deny delete and delete subfolder and files. This option is not working for...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
Once the deny delete and delete subfolder is applied
- Users cannot delete files and folder "First task accomplish"
- Users cannot move a folder into another folder "Second task accomplish". However it creates an empty folder with the same name of the source folder inside the destination folder. This cannot be deleted and creates confusion for the user and starts filing in the wrong location
- All files created under the share respond to the deny option however it's not possible to create excel files. Error message cannot save the "file name". The folder is marked as a read only.
- User cannot move or delete files inside the share but they can creates copies on theirs desktop for security could this be control it.
Let me address your issues as best I can. To be honest, it sounds like things are largely performing as you wanted.
- This is expected behavior. You mentioned you don't want users deleting folders and files, so I assume this is the way you want this to behave.
- Moving a folder is effectively a delete operation with a second create operation (delete the folder at the old destination and recreate it at the new destination), so this won't work with your permissions set the way they are. Of course, this sounds like expected behavior, since you don't want users deleting folders.
- Are Excel files the only files that respond in this way when you're trying to save them?
- You can't really control copying data from the server if a user has read access to it. You would essentially have the remove any writeable areas on the local computer, which isn't practical.
In the future, the RSoP tools in Windows Server 2003 are very helpful at diagnosing permission oddities and figuring out exactly what effect a permissions change will have on your users. You don't mention if you're using Windows Server 2003, so I can't officially recommend that route, but other users will likely find the tool useful.
For more information:
- Domain Management: Expert Advice Collection
In this expert advice collection, networking security expert Wes Noonan shares his advice on some popular domain management and Group Policy questions. Visit Wes's entire archive of advice and see if he has already answered a question specific to your networking needs or even ask him a question of your own.
- Network Access Control Learning Guide
Learn how unauthorized users gain network access, how to block and secure untrusted endpoints, and get Windows-specific and universal access control policies and procedures.
Dig Deeper on Network intrusion detection and prevention and malware removal
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.