Prevention is better than a cure.  Do as the previous poster suggests
and apply the appropriate NTFS permissions so that users can create and
write files/folders but not delete, move or rename???



-----Original Message-----
From: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
[mailto:[EMAIL PROTECTED] 
Sent: 09 Dec 2005 19:14
To: [email protected]
Subject: Re: [ActiveDir] I need an auditing and control solution [and
yes I'll even fork money out for this]


And stupid question...so I'm auditing for 'Delete' and 'Delete 
Subfolders and Files'.... would auditing 'Create Folders/Write Data' and
'Create Folders/Append Data' give me the needed logs for 'okay this 
person is the one that dragged the file and slid it'.

Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] wrote:
> I need them to be able to create new folders on a regular basis under
> two main folders.  [new clients you know]
>
> Litigation clients ------- name of each partner [yes they are
> management so one has to propose reasonable solutions] ---- client 
> subfolders
>
> Due to our collaborative needs they need to get into each other
> partner folders and not just their own and always be able to create 
> new folders.
>
>
> Za Vue wrote:
>> Depends on how many folders you are talking about. NTFS can be
>> applied to folders. My users can only open the folders, can't move 
>> folders, can't delete folders, can't rename folders, can't create 
>> folders, etc. They can modify files inside their prospective folders.
>>
>> -Z.V..
>>
>>
>> Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] wrote:
>>
>>> Problem -- the 'fatal finger syndrome'
>>>
>>> I have a collaborative firm.  There are certain folders that
>>> everyone in the office [well with very few exceptions anyway] need 
>>> to get into.
>>> Due to mouse's and dexterity.... over the years individuals have 
>>> been the root cause of my "fatal finger syndrome" a condition where 
>>> one person clicks on a folder and accidentally slides it under a 
>>> neighbor.
>>> These days we don't freak, we just look around and find the slid 
>>> folders and move them back.
>>>
>>> So the other day, under a certain folder, client folders beginning
>>> with the letters co through zz end up ...not slid...not moved, but 
>>> gone, deleted.  Now between the shadow file copy that the system 
>>> does, the robocopy batch file [yes I actually wrote a small bat 
>>> file, Joe would be so proud] to pull off copies of that one drive to 
>>> a spare hard drive, and nightly backups, I have enough paths to 
>>> ensure that I've got multiple ways to get to that data so that it 
>>> was minor to push the data back.... but it's obvious to me I need 
>>> way better control over the fatal finger syndrome.
>>>
>>> I'm stuck in the position of ...that I can't [as far as all that
>>> I've ever been able to find] unable to set permissions in such a way
>>> to allow for creating folders, but not sliding folders nor deleting 
>>> them.
>>>
>>> I'm going to review adjusting 'object access' for those series of
>>> folders and look into a 'dump to storage' of an auditing software 
>>> since I know this will increase my already noisy security log files.
>>>
>>> http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/50fdb7bc-7dae-4dcd-8591-382aeff2ea79.mspx
>>>
>>>
>>> I'm testing out whacking off/disabling cut and paste and seeing if
>>> that freaks anyone out in the office [I believe the disabling of cut
>>> and paste in IE will also affect the Windows explorer?]
>>>
>>> Stupid questions.......
>>>
>>> 1.  Any other ideas or suggestions from the AD gurus to minimize
>>> this 'fatal finger syndrome' that I'm fighting
>>> 2. To better track the issue?  Flag it?  Control it?  Stop it?  
>>> Besides hitting people upside the head?
>>>
>>> I've got the recovery process/procedures so that I can restore data,
>>> but I'd like it either stopped or identified as it happens.
>>>
>>
>> List info   : http://www.activedir.org/List.aspx
>> List FAQ    : http://www.activedir.org/ListFAQ.aspx
>> List archive:
>> http://www.mail-archive.com/activedir%40mail.activedir.org/
>>
>

-- 
Letting your vendors set your risk analysis these days?  
http://www.threatcode.com

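One way to set up the permissions and auditing discussed in this thread, as an added example that is not part of any poster's message: the path D:\Clients\Litigation and the group EXAMPLE\Staff are hypothetical, and the script assumes an elevated PowerShell session on the file server.

```powershell
# Added example, not from the thread. $Root and $Group are hypothetical;
# run from an elevated prompt against a test copy of the folder tree first.
$Root  = 'D:\Clients\Litigation'
$Group = New-Object System.Security.Principal.NTAccount('EXAMPLE\Staff')

# Read, traverse, create files and folders, write data. Deliberately omits
# Delete and DeleteSubdirectoriesAndFiles: NTFS needs Delete on the item (or
# DeleteSubdirectoriesAndFiles on its parent) to delete, move or rename it,
# so dragging a folder under its neighbour is refused.
$allow = New-Object System.Security.AccessControl.FileSystemAccessRule(
    $Group,
    [System.Security.AccessControl.FileSystemRights]'ReadAndExecute, Write',
    [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit',
    [System.Security.AccessControl.PropagationFlags]'None',
    [System.Security.AccessControl.AccessControlType]'Allow')

# SACL entry: log both successful and refused delete attempts by the group.
# Events are only written when the "Audit object access" policy is enabled.
$audit = New-Object System.Security.AccessControl.FileSystemAuditRule(
    $Group,
    [System.Security.AccessControl.FileSystemRights]'Delete, DeleteSubdirectoriesAndFiles',
    [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit',
    [System.Security.AccessControl.PropagationFlags]'None',
    [System.Security.AccessControl.AuditFlags]'Success, Failure')

$acl = Get-Acl -Path $Root -Audit      # -Audit loads the SACL as well as the DACL
$acl.PurgeAccessRules($Group)          # drop the group's existing explicit ACEs
$acl.AddAccessRule($allow)
$acl.AddAuditRule($audit)
Set-Acl -Path $Root -AclObject $acl

# Check: list every Allow ACE that still carries a delete right. An entry here
# for a group the users belong to (explicit or inherited) defeats the restriction.
$deleteBits = [System.Security.AccessControl.FileSystemRights]'Delete, DeleteSubdirectoriesAndFiles'
(Get-Acl -Path $Root).Access |
    Where-Object { $_.AccessControlType -eq 'Allow' -and ($_.FileSystemRights -band $deleteBits) } |
    Format-Table IdentityReference, FileSystemRights, IsInherited -AutoSize
```

Test folder creation with an ordinary user account before rolling this out: Explorer creates "New Folder" and then renames it, and that rename needs the Delete right this rule withholds.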