3

I'm looking for a way to prevent accidental deletion of folders and files on a Windows SBS 2003 box. The scenario is a DATA folder that all users currently have all rights except for "Full Control", "Take ownership", and "change permissions". The users need to be able to create new directories and files at will, and without administrator intervention.

Ideally we'd want to block all deletion of files and folders in this share, except by an administrator, but there doesn't seem to be a way to remove delete rights to files and directories without side effects. For example, I gather that if we remove delete rights, the temp files that Office products create will not work properly.

So the question is, what is the best way to prevent accidental deletion in this environment? We recently had a circumstance where a file was deleted and it wasn't noticed until all backups were overwritten months later. Obviously keeping a long backup history and/or using Shadow Copy are options, but I wanted to ask this forum and see if anyone had a better solution.

Thanks in advance for your help.

-Alex

jrabbit
  • 31
  • 1

1 Answers1

0

One Solution (more a hack) would be to give the owner of the files delete rights. Then shedule a task which runs as administrator and takes over ownership once a day.

To take ownership of a folder and all its content, you can use takeown and add the /r switch for recursive execution:

takeown /f d:\path\to\dir /r

You can also use the /a switch to make the Adminitrators group owner of the files go to the Administrators group instead of the current user:

takeown /f d:\path\to\dir /a /r

When doing so, the users can delete their current temp files. After the task ran, they only have change rights.

But bear in mind, that the user might be confused, if she can delete for a day, but after can't.

Jonathan
  • 575
  • 1
  • 7
  • 18