Prevent deleting files in shared folders

DustinB3403

@dafyre said in Prevent deleting files in shared folders:

You can't set their permissions like this:

?

No because it's a stupid practice and approach to prevent something that is already protected against with Backups.

dafyre

@dustinb3403 said in Prevent deleting files in shared folders:

@dafyre said in Prevent deleting files in shared folders:

You can't set their permissions like this:

?

No because it's a stupid practice and approach to prevent something that is already should be protected against with Backups.

FTFY. He didn't mention backups, so I'm not going assume they are there. Though I agree backups are of course the best solution, but that's another topic.

Obsolesce

Just turn on shadow copies and file auditing... and keep things the way they should be, either read or read/write like others suggested.

Then if someone deletes a file, restore it from the shadow copy. Then look at your audit logs to see who deleted it and when, and give that info to their boss.

black3dynamite

I would look into role based access control.
http://www.yster.org/role-based-access-control/

And then utilize shadow copy, audit logs and making sure to have a good backup setup.

JaredBusch

@dafyre said in Prevent deleting files in shared folders:

You can't set their permissions like this:

?

Of course you can. But it breaks shit as already mentioned.

bigbear

Which reminds me of my first menial task in the Mead datacenter in 2001, deleting office tmp files from our 200 netware file shares every day.

Also, ushering in and out tape backups to the daily pickup company who took them offsite for rotation.

Joel

cheers guys. What I love about this forum is that theres always a superb response and members always take a general interest and open the topic to further discussions. It's a great community here so thanks for the responses....Yes, we do have a off-site backup in place but it runs once a day at 10pm. I like the idea of shadow copies and the audit trail.

I'm going to enable ShadowCopies for 1pm daily. One extra copy is better than nothing or would you suggest a number of copies each day?

How do I enable the audit trail?

Emad R

@joel

1. Identify who needs RW and who can live with R only, usually talk with managers and they can tell you who can and who should not.

2. Backup the share at the end of each day, by taking an archived snapshot. that way even if there was deletion you can restore

3. There is feature where you can track those stuff, but i dont see how usefull it will be in real life

stacksofplates

@scottalanmiller said in Prevent deleting files in shared folders:

Deleting is part of the ability to write. You can't be able to write but not delete. Delete is just a form of writing. Same as with paper.

Does Windows (NTFS) have a sticky bit? You could do this on a Linux OS if you have the uid set to root and the gid set to the group the users are in and setgid and sticky bit are turned on for the directory. The auto root uid is the tricky part. It would by default be their user.

joelbarlow40

You need to set the rights to authenticated users/everyone ( Read and Write ).

You can also try below steps to set NTFS permission for that shared folder.

-> Right click on that folder and go to Properties and from the Security tab, click advanced.
-> click "Change permission" and Click "Add" and type "everyone" in the box .
-> Open "everyone" end change its permission as you wish.

Please refer to below article for more information:

Set Permissions for Shared Folders

File and Folder Permissions

Dashrender

@joel said in Prevent deleting files in shared folders:

cheers guys. What I love about this forum is that theres always a superb response and members always take a general interest and open the topic to further discussions. It's a great community here so thanks for the responses....Yes, we do have a off-site backup in place but it runs once a day at 10pm. I like the idea of shadow copies and the audit trail.

I'm going to enable ShadowCopies for 1pm daily. One extra copy is better than nothing or would you suggest a number of copies each day?

How do I enable the audit trail?

I haven't used/read up on Shadowcopy in a while. If I recall correctly, it only makes copies of files that have changed since the last copy, so setting it for several times a day might be good.

As for your normal backups, What are you using for backups? Can you run incrementals during the day?

Obsolesce

@joel said in Prevent deleting files in shared folders:

I'm going to enable ShadowCopies for 1pm daily. One extra copy is better than nothing or would you suggest a number of copies each day?

Shadowcopies are great and they save a lot of time and potential headaches due to users not paying attention to what they are deleting or working with, accidental or purposeful deletions. So long as you understand Shadowcopies are NOT backups and should never be treated or thought of as such, they work well.

The default settings work well in my environment, a snapshot once in the mid-morning and once in the early afternoon.

You should be able to get away with a handful of GB to a few hundred GB, but it depends on how many files, how often they change, and how big these files are.

In one example, I have a 4.5 TB file server using a 500 GB shadowcopy volume. It's only using 300 something GB and the shadowcopies go back like a month.

Obsolesce

@joel said in Prevent deleting files in shared folders:

How do I enable the audit trail?

To enable auditing, you need to do it in two places.

1. The best way to do it is via a group policy that applies to your file servers.
   a. You should enable auditing here for everything you want to audit. My below example shows only the file system audition.

2. Then on your fileserver, go into the properties of the share, Security tab, Advanced, Auditing tab.
   a. Add the group of users you wish to Audit, followed by what you want to audit:

3. Now that auditing is enabled, you will find all of the information in the "Security" Log in Event Viewer.

Obsolesce

Now that auditing is set up, your security event logs will fill up faster.

What I like to do is increase the size the security log can get to, 1 GB, and then to archive them once they grow large enough, and to make a new one.

This is also done via a group policy.

From here you can do with them what you like.

I have them automatically compressed (they compress super well) and then moved somewhere else for escrow reasons.