At our company, users may open/mount ISO files in Windows Server 2003 R2 standard fileserver, but they are not allowed to delete, modify or copy ISO files to remote computers. How can I prevent them from copying files from shared folders?
This is very tricky when users already have rights to open files. The only way to stop this that I'm aware of is to have something in between the server and the client such as an IPS or data leakage prevention system in order to actually prevent the local copying. You may be able to handle this through an executable lock-down program as well, such as Horizon DataSys Inc.'s Exe Lockdown, Faronics Corp.'s Anti-Executable and/or Fortres Grand Corp.'s Fortres 101.
Read the advice below for more tips on managing folder permissions:
- Restricting user permissions in folders
If you have a question about managing the permissions of a folder in your domain, this advice from Jonathan Hassell tells you how to set those permissions and prevent users from deleting that folder.
- Selectively set read and write permissions
Manage the read and write permissions of certain hardware devices like Bluetooth headsets and external drives with this advice from Jonathan Hassell.