I have a shared folder that I've had to restore because those who have access to it keep deleting it. I have tried drilling the security permissions to only allow "modify" but not "delete" for files and folders. The problem with this is that any new files created can still be deleted.
I have tried setting exclusive "deny delete" for the folder and the problem is files cannot be renamed or moved.
So I am back to square one. How do I stop users deleting files and folders?
Since you didn't indicate, I'll assume you're talking about shared Windows folders. In this scenario, it's impossible to restrict users from deleting files. If you think about it, applications that open certain files commonly need to delete such files in order to save changes to the files.
However, if you need to prevent users from accidentally deleting files and do not need to obtain backups, you can always use the "shadow copies" feature of Shared Folders. Microsoft offers a 'shadow copies for shared folders' technical reference guide on its TechNet website.
In terms of preventing users from intentionally deleting files, there's really nothing that can be done. If the user wanted to delete the file contents, he or she could use his or her application to save an empty file and the application would rewrite the contents to null.
In order to minimize the number of users who can delete shared files, you can assign permissions to the groups that access a folder. One group can have "read and execute" permissions and the other group can have "modify" permissions. You can then assign permissions to the members of the respective groups depending on what they need to do. Enabling "modify" to the second group denies them the permissions to delete folders and subfolders. This means the user can delete an individual file but not the whole folder or a subfolder and, thereby, everything in it.
This is a compromise. By letting some users have permissions to delete, they are, therefore, responsible for what is in that folder. But if they accidentally delete something, you still have to restore it from the backup or the shadow copy.
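The two-group layout described above, as an added example that is not part of the original answer: PowerShell that grants one group "read and execute" and another "modify" on the shared folder, then reports which access entries on that folder carry delete rights. The folder path and both group names are hypothetical placeholders.

```powershell
using namespace System.Security.AccessControl

# Hypothetical placeholders: replace with the real folder and groups.
$Path    = 'D:\Shares\Projects'
$Readers = 'CONTOSO\Share-Readers'
$Editors = 'CONTOSO\Share-Editors'

# Apply each grant to the folder, its subfolders and its files.
$inherit = [InheritanceFlags]'ContainerInherit, ObjectInherit'
$noProp  = [PropagationFlags]::None
$allow   = [AccessControlType]::Allow

$grants = @(
    @{ Group = $Readers; Rights = [FileSystemRights]::ReadAndExecute },
    @{ Group = $Editors; Rights = [FileSystemRights]::Modify }
)

$acl = Get-Acl -Path $Path
foreach ($g in $grants) {
    $rule = New-Object FileSystemAccessRule(
        $g.Group, $g.Rights, $inherit, $noProp, $allow)
    $acl.AddAccessRule($rule)
}
Set-Acl -Path $Path -AclObject $acl

# Report every entry now on the folder, inherited ones included.
# "Modify" carries the Delete right on each item it applies to, but not
# "Delete subfolders and files", which is part of "Full control".
(Get-Acl -Path $Path).Access | ForEach-Object {
    $rights = $_.FileSystemRights
    [pscustomobject]@{
        Identity       = $_.IdentityReference
        Type           = $_.AccessControlType
        Inherited      = $_.IsInherited
        Delete         = $rights.HasFlag([FileSystemRights]::Delete)
        DeleteChildren = $rights.HasFlag([FileSystemRights]::DeleteSubdirectoriesAndFiles)
    }
} | Format-Table -AutoSize
```

Entries marked as inherited in the report come from the parent folder and can grant delete rights to accounts outside the two groups, so review them alongside the explicit grants.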