Security on SBS2003 / .tmp files

[gorilly]

yesterday i locked all my users from being able to delete files and folders after too many accidental deletes were happening causing us to loose inportant data. only two users were going to be given the delete function so that the staff had to go through a further step just to get some files deleted making them think twice.

i removed ALL other permissions and then set it so that the group of users could not delete, only 3 users could delete and the administrator account on the server still had ownership etc.

when the users were working with documents loads and loads of .tmp files were being created! i had to re allow everyone to delete again so that this would stop happening....

anyone know how i can get round this problem?

there was a user called system.,... could this be the account which allows temp files to be deleted?

 

[snvpa]

well I thihnk the best way is to allow the users the right to delete where the temp files are being created and only remove the fullcontrol/ delete permissions from the folders and sub folders that the documents are located. Considereing shadowcopy is most likely being used this might cause some complications if multiple users are accessing the same file at one time. I would also make sure you only remove the permisions that are necessary to remove and use the deny permission very sparingly.

The way I would do it is open the folder that the documents are in say shared documents. Remove the full conrol and delete permission from the everyone group. Then add the users that have the ability to delete manually and assign them the delete permission. Be carefull not to use the deny permission here because that would override everything. If you users like to mess around make sure to also remove the assign permissions and take ownership permission from the everyone group. It should not be there by default.

 

[TranceBear]

Are you creating headaches in your system?