But that's the thing... I need rename.. I need delete. I can't
permission myself into a non collaborative work environment where it
takes a network admin to rename a misspelled folder.
I need a balance and I haven't found it yet.
Wyatt, David wrote:
Prevention is better than a cure. Do as the previous poster suggests
and apply the appropriate NTFS permissions so that users can create and
write files/folders but not delete, move or rename???
-----Original Message-----
From: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
[mailto:[EMAIL PROTECTED]
Sent: 09 Dec 2005 19:14
To: [email protected]
Subject: Re: [ActiveDir] I need an auditing and control solution [and
yesI'll even fork moneyout for this]
And stupid question...so I'm auditing for 'Delete' and 'Delete
Subfolders and Files'.... would auditing 'Create Folders/Write Data' and
'Create Folders/Append Data' give me the needed logs for 'okay this
person is the one that dragged the file and slid it'.
Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] wrote:
I need them to be able to create new folders on a regular basis under
two main folders. [new clients you know]
Litigation clients ------- name of each partner [yes they are
management so one has to propose reasonable solutions] ---- client
subfolders
Due to our collaborative needs they need to get into each other
partner folders and not just their own and always be able to create
new folders.
Za Vue wrote:
Depends on how many folders you are talking about. NTFS can be
applied to folders. My users can only open the folders, can't move
folders, can't delete folders, can't rename folders, can't create
folders, etc. They can modify files inside their prospective folders.
-Z.V..
Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] wrote:
Problem -- the 'fatal finger syndrome'
I have a collaborative firm. There are certain folders that
everyone in the office [well with very few exceptions anyway] need
to get into.
Due to mouse's and dexterity.... over the years individuals have
been the root cause of my "fatal finger syndrome" a condition where
one person clicks on a folder and accidentally slides it under a
neighbor.
These days we don't freak, we just look around and find the slid
folders and move them back.
So the other day, under a certain folder, client folders beginning
with the letters co through zz end up ...not slid...not moved, but
gone, deleted. Now between the shadow file copy that the system
does, the robocopy batch file [yes I actually wrote a small bat
file, Joe would be so proud] to pull of copies of that one drive to
a spare harddrive, and nightly backups, I have enough paths to
ensure that I've got multiple ways to get to that data so that it
was minor to push the data back.... but it's obvious to me I need
way better control over the fatal finger syndrome.
I'm stuck in the position of ...that I can't [as far as all that
I"ve ever been able to find] unable to set permissions in such a way
to allow for creating folders, but not sliding folders nor deleting
them.
I'm going to review adjusting 'object access' for those series of
folders and look into a 'dump to storage' of an auditing software
since I know this will increase my already noisy security log files.
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/S
erverHelp/50fdb7bc-7dae-4dcd-8591-382aeff2ea79.mspx
I'm testing out whacking off/disabling cut and paste and seeing if
that freaks anyone out in the office [I believe the disabling of cut
and paste in IE will also affect the Windows explorer?]
Stupid questions.......
1. Any other ideas or suggestions from the AD gurus to minimize
this 'fatal finger syndrome' that I'm fighting
2. To better track the issue? Flag it? Control it? Stop it?
Besides hitting people upside the head?
I've got the recovery process/procedures so that I can restore data,
but I'd like it either stopped or identified as it happens.
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
