Prevent deleting files in shared folders
-
@iroal said in Prevent deleting files in shared folders:
Activating Previous Versions will allow you to recover the delete files quickly in case you need it.
This isn't a bad idea, but it's storage based, rather than time based. So it will work, but if there 5GB of space allocated, and you go over that 5GB of space, some files in your "backups" will get dumped for the new more recent changes.
-
I also recommend turning on a file auditing policy. That way when someone deletes a file, you can identify the user then let office politics sort out the punishment.
-
Office Politics never resolves anything.
-
@dustinb3403 said in Prevent deleting files in shared folders:
Office Politics never resolves anything.
Fair, but if you can't prevent the delete, then it will happen. Then management will come to you and say "Where is my file?" You can then restore it from backups, and the next words out of their mouth will be "What happened?" It is nice to be able to say "on 11/30/17 at 1:15PM, Bill deleted it. I don't know why he did that."
-
@s-hackleman said in Prevent deleting files in shared folders:
@dustinb3403 said in Prevent deleting files in shared folders:
Office Politics never resolves anything.
Fair, but if you can't prevent the delete, then it will happen. Then management will come to you and say "Where is my file?" You can then restore it from backups, and the next words out of their mouth will be "What happened?" It is nice to be able to say "on 11/30/17 at 1:15PM, Bill deleted it. I don't know why he did that."
Oh I didn't disagree. I was just stating that office politics never resolves anything.
-
Deleting is part of the ability to write. You can't be able to write but not delete. Delete is just a form of writing. Same as with paper.
-
@scottalanmiller said in Prevent deleting files in shared folders:
Deleting is part of the ability to write. You can't be able to write but not delete. Delete is just a form of writing. Same as with paper.
Yeah, I have witnessed so many bad setups over the years because people try to do this.
Hell to save a document with MS Office, you are writing to a temp file, deleting the original, and then renaming the temp file.
-
@dustinb3403 said in Prevent deleting files in shared folders:
@iroal said in Prevent deleting files in shared folders:
Activating Previous Versions will allow you to recover the delete files quickly in case you need it.
This isn't a bad idea, but it's storage based, rather than time based. So it will work, but if there 5GB of space allocated, and you go over that 5GB of space, some files in your "backups" will get dumped for the new more recent changes.
Design the system to have at least as much shadowprotect as you have daily changes (or at least as often as the backups run). This way if it's longer than that, you just go to the backups.
-
Backups will be your answer here and say setup Shadow Copies that are at key times in the day and that are stored for at least a month.
-
You can't set their permissions like this:
?
-
@dafyre said in Prevent deleting files in shared folders:
You can't set their permissions like this:
?
No because it's a stupid practice and approach to prevent something that is already protected against with Backups.
-
@dustinb3403 said in Prevent deleting files in shared folders:
@dafyre said in Prevent deleting files in shared folders:
You can't set their permissions like this:
?
No because it's a stupid practice and approach to prevent something that
is alreadyshould be protected against with Backups.FTFY. He didn't mention backups, so I'm not going assume they are there. Though I agree backups are of course the best solution, but that's another topic.
-
Just turn on shadow copies and file auditing... and keep things the way they should be, either read or read/write like others suggested.
Then if someone deletes a file, restore it from the shadow copy. Then look at your audit logs to see who deleted it and when, and give that info to their boss.
-
I would look into role based access control.
http://www.yster.org/role-based-access-control/And then utilize shadow copy, audit logs and making sure to have a good backup setup.
-
@dafyre said in Prevent deleting files in shared folders:
You can't set their permissions like this:
?
Of course you can. But it breaks shit as already mentioned.
-
Which reminds me of my first menial task in the Mead datacenter in 2001, deleting office tmp files from our 200 netware file shares every day.
Also, ushering in and out tape backups to the daily pickup company who took them offsite for rotation.
-
cheers guys. What I love about this forum is that theres always a superb response and members always take a general interest and open the topic to further discussions. It's a great community here so thanks for the responses....Yes, we do have a off-site backup in place but it runs once a day at 10pm. I like the idea of shadow copies and the audit trail.
I'm going to enable ShadowCopies for 1pm daily. One extra copy is better than nothing or would you suggest a number of copies each day?
How do I enable the audit trail?
-
-
Identify who needs RW and who can live with R only, usually talk with managers and they can tell you who can and who should not.
-
Backup the share at the end of each day, by taking an archived snapshot. that way even if there was deletion you can restore
-
There is feature where you can track those stuff, but i dont see how usefull it will be in real life
-
-
@scottalanmiller said in Prevent deleting files in shared folders:
Deleting is part of the ability to write. You can't be able to write but not delete. Delete is just a form of writing. Same as with paper.
Does Windows (NTFS) have a sticky bit? You could do this on a Linux OS if you have the uid set to root and the gid set to the group the users are in and setgid and sticky bit are turned on for the directory. The auto root uid is the tricky part. It would by default be their user.
-
You need to set the rights to authenticated users/everyone ( Read and Write ).
You can also try below steps to set NTFS permission for that shared folder.
-> Right click on that folder and go to Properties and from the Security tab, click advanced.
-> click "Change permission" and Click "Add" and type "everyone" in the box .
-> Open "everyone" end change its permission as you wish.Please refer to below article for more information: