Questions

Server 2008 permissions and Office 2007 tmp files

Tags:
+
0 Votes
Locked

Server 2008 permissions and Office 2007 tmp files

westbury11
We have a Server 2008r2 enviorment with Office 2007 all users had 'modify' rights to network shares and which gave them the ability to accidentaly delete files&folders. We changed permissions to 'Read&Execute' only to find they could not create or save office files on the file server and it would also create hundreds of office tmp files. Does anyone know the best way to set Permissions/Special Permissions to give them the ability to "create,write&save documents" without having 'delete' and without Office creating tmp files
  • +
    0 Votes
    gechurch

    I think you've basically answered your own question; go into Advanced and edit Special Permissions. Tick the Read, Create and Write options but don't tick the Delete options. No Delete also means no Modify or Rename which may or may not be an issue for you. I would recommend granting Owner delete permission - this will allow users to modify/rename/delete their own files, but not other people's.

    I've never run into the Office tmp files issue, but from the above description we can probably guess what's going on. Office is saving (ie 'Creating') tmp files (possibly autorecover files) with the users credentials. Since the user doesn't have permission to rename or delete Office can't clean them up (rename or delete) when it's done.

    If accidental deletion is an issue there are a few ways to mitigate against this:
    * Disable drag and drop (a common way for files to suddenly end up in different folders).
    * Turn on Previous Versions. This is an awesome feature and you can have versions created on whatever schedule you like. This won't stop the deletions, but will make it dead simple to recover from.
    * Implement a continuous backup system, and consider giving users the ability to do restores.
    * Consider a different way of accessing files, like SharePoint. This is a free product, has strong permissions (with ties into AD), has two levels of recycle bins (which are configurable), and makes it hard to accidently delete files.

  • +
    0 Votes
    gechurch

    I think you've basically answered your own question; go into Advanced and edit Special Permissions. Tick the Read, Create and Write options but don't tick the Delete options. No Delete also means no Modify or Rename which may or may not be an issue for you. I would recommend granting Owner delete permission - this will allow users to modify/rename/delete their own files, but not other people's.

    I've never run into the Office tmp files issue, but from the above description we can probably guess what's going on. Office is saving (ie 'Creating') tmp files (possibly autorecover files) with the users credentials. Since the user doesn't have permission to rename or delete Office can't clean them up (rename or delete) when it's done.

    If accidental deletion is an issue there are a few ways to mitigate against this:
    * Disable drag and drop (a common way for files to suddenly end up in different folders).
    * Turn on Previous Versions. This is an awesome feature and you can have versions created on whatever schedule you like. This won't stop the deletions, but will make it dead simple to recover from.
    * Implement a continuous backup system, and consider giving users the ability to do restores.
    * Consider a different way of accessing files, like SharePoint. This is a free product, has strong permissions (with ties into AD), has two levels of recycle bins (which are configurable), and makes it hard to accidently delete files.