Prevent deleting files in shared folders
-
Hi Guys, I have recently set up a typical File Server with shared folders etc. Usual bits really.
What's not usual in this case, the office manager wants to prevent users being able to delete any files on the server as in the past they have deleted files accidentally.
Structure is: Share Name > Departmental Folder > User files
Is it possible to allow read/write access but simply prevent the deletion of files? Or at least when a user requests to delete a file, it prompts for admin credentials?
Suggestions would be most appreciated.
We're using Server 2012R2
Thanks
-
Nope, if you are giving them write access, you are giving them the ability to write (delete) away the files.
-
Just get a backup system in place that would allow you to restore the individual files from the file server. UrBackup is free and does this, you'd simply need to have storage to backup to.
-
Activating Previous Versions will allow you to recover the deleted files quickly in case you need it.
-
@iroal said in Prevent deleting files in shared folders:
Activating Previous Versions will allow you to recover the deleted files quickly in case you need it.
This isn't a bad idea, but it's storage based, rather than time based. So it will work, but if there's 5GB of space allocated, and you go over that 5GB of space, some files in your "backups" will get dumped for the new more recent changes.
-
I also recommend turning on a file auditing policy. That way when someone deletes a file, you can identify the user then let office politics sort out the punishment.
-
Office Politics never resolves anything.
-
@dustinb3403 said in Prevent deleting files in shared folders:
Office Politics never resolves anything.
Fair, but if you can't prevent the delete, then it will happen. Then management will come to you and say "Where is my file?" You can then restore it from backups, and the next words out of their mouth will be "What happened?" It is nice to be able to say "on 11/30/17 at 1:15PM, Bill deleted it. I don't know why he did that."
-
@s-hackleman said in Prevent deleting files in shared folders:
@dustinb3403 said in Prevent deleting files in shared folders:
Office Politics never resolves anything.
Fair, but if you can't prevent the delete, then it will happen. Then management will come to you and say "Where is my file?" You can then restore it from backups, and the next words out of their mouth will be "What happened?" It is nice to be able to say "on 11/30/17 at 1:15PM, Bill deleted it. I don't know why he did that."
Oh I didn't disagree. I was just stating that office politics never resolves anything.
-
Deleting is part of the ability to write. You can't be able to write but not delete. Delete is just a form of writing. Same as with paper.
-
@scottalanmiller said in Prevent deleting files in shared folders:
Deleting is part of the ability to write. You can't be able to write but not delete. Delete is just a form of writing. Same as with paper.
Yeah, I have witnessed so many bad setups over the years because people try to do this.
Hell, to save a document with MS Office, you are writing to a temp file, deleting the original, and then renaming the temp file.
-
@dustinb3403 said in Prevent deleting files in shared folders:
@iroal said in Prevent deleting files in shared folders:
Activating Previous Versions will allow you to recover the deleted files quickly in case you need it.
This isn't a bad idea, but it's storage based, rather than time based. So it will work, but if there's 5GB of space allocated, and you go over that 5GB of space, some files in your "backups" will get dumped for the new more recent changes.
Design the system to have at least as much shadowprotect as you have daily changes (or at least as often as the backups run). This way if it's longer than that, you just go to the backups.
-
Backups will be your answer here, and, say, set up Shadow Copies that are at key times in the day and that are stored for at least a month.
-
You can't set their permissions like this:
?
-
@dafyre said in Prevent deleting files in shared folders:
You can't set their permissions like this:
?
No because it's a stupid practice and approach to prevent something that is already protected against with Backups.
-
@dustinb3403 said in Prevent deleting files in shared folders:
@dafyre said in Prevent deleting files in shared folders:
You can't set their permissions like this:
?
No because it's a stupid practice and approach to prevent something that ~~is already~~ should be protected against with Backups.
FTFY. He didn't mention backups, so I'm not going to assume they are there. Though I agree backups are of course the best solution, but that's another topic.
-
Just turn on shadow copies and file auditing... and keep things the way they should be, either read or read/write like others suggested.
Then if someone deletes a file, restore it from the shadow copy. Then look at your audit logs to see who deleted it and when, and give that info to their boss.
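
An added example (not part of the original thread): one way to set up the delete auditing suggested above and pull "who deleted what, and when" from the Security log, in PowerShell. The share path `D:\Shares\Departments` and the function name `Get-DeleteAudit` are assumptions for illustration; run it elevated on the file server.

```powershell
# Added example. $SharePath is a hypothetical path; adjust to the real share root.
$SharePath = 'D:\Shares\Departments'

# 1. Enable success auditing for the "File System" audit subcategory.
auditpol /set /subcategory:"File System" /success:enable

# 2. Add an audit (SACL) entry: log successful deletes by Everyone,
#    inherited by all subfolders and files under the share root.
$rights  = [System.Security.AccessControl.FileSystemRights]'Delete, DeleteSubdirectoriesAndFiles'
$inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$rule = New-Object System.Security.AccessControl.FileSystemAuditRule(
    'Everyone', $rights, $inherit,
    [System.Security.AccessControl.PropagationFlags]::None,
    [System.Security.AccessControl.AuditFlags]::Success)
$acl = Get-Acl -Path $SharePath -Audit
$acl.AddAuditRule($rule)
Set-Acl -Path $SharePath -AclObject $acl

# 3. Report deletes: event 4663 entries whose access mask includes DELETE (0x10000).
function Get-DeleteAudit {
    param(
        [string]$PathPrefix,
        [datetime]$Since = (Get-Date).AddDays(-1)
    )
    $filter = @{ LogName = 'Security'; Id = 4663; StartTime = $Since }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
        $evt = $_
        # Flatten the EventData name/value pairs into a hashtable.
        $d = @{}
        foreach ($item in ([xml]$evt.ToXml()).Event.EventData.Data) {
            $d[$item.Name] = $item.'#text'
        }
        $mask = [Convert]::ToInt32($d['AccessMask'], 16)
        if (($mask -band 0x10000) -and $d['ObjectName'] -like "$PathPrefix*") {
            [pscustomobject]@{
                Time    = $evt.TimeCreated
                User    = '{0}\{1}' -f $d['SubjectDomainName'], $d['SubjectUserName']
                Path    = $d['ObjectName']
                Process = $d['ProcessName']
            }
        }
    }
}

Get-DeleteAudit -PathPrefix $SharePath | Sort-Object Time | Format-Table -AutoSize
```

Expect entries from ordinary saves as well as real deletions, since, as noted earlier in the thread, saving an Office document deletes the original and renames a temp file.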
-
I would look into role based access control.
http://www.yster.org/role-based-access-control/
And then utilize shadow copy, audit logs and making sure to have a good backup setup.
-
@dafyre said in Prevent deleting files in shared folders:
You can't set their permissions like this:
?
Of course you can. But it breaks shit as already mentioned.
-
Which reminds me of my first menial task in the Mead datacenter in 2001, deleting office tmp files from our 200 netware file shares every day.
Also, ushering in and out tape backups to the daily pickup company who took them offsite for rotation.