At our company, users may open/mount ISO files in Windows Server 2003 R2 standard fileserver, but they are not allowed to delete, modify or copy ISO files to remote computers. How can I prevent them from copying files from shared folders?
This is very tricky when users already have rights to open files. The only way to stop this that I'm aware of is to have something in between the server and the client such as an IPS or data leakage prevention system in order to actually prevent the local copying. You may be able to handle this through an executable lock-down program as well, such as Horizon DataSys Inc.'s Exe Lockdown, Faronics Corp.'s Anti-Executable and/or Fortres Grand Corp.'s Fortres 101.
Read the advice below for more tips on managing folder permissions:
18 Jun 2007