General discussion

Locked

NT Folder Permissions

By Gary Haldane ·
Is it possible to stop a user from copying or dragging a folder to which they have minimum or no permissions to a different location.
Once a copy has been made then the user has access to all sub-directories and files.

This conversation is currently closed to new comments.

3 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

Create a profile...

by parsonsac In reply to NT Folder Permissions

using the profile manager, create a profile for the user and then restrict the rights the user has to move folders

Collapse -

No permissions means no permissions

by pkust In reply to NT Folder Permissions

If a user has no permissions (Permissions setting No Access), then they will not be able to access a file or folder, period. To copy a folder requires, at a minimum, read permissions. No Access would prevent unauthorized copying--along with everything else.

Consequently, a user can copy a file or folder only if they have access to it to begin with. If access is your concern, set users' access rights to No Access where appropriate and be done.

The far more delicate scenario (and, unfortunately, the far more likely one), is where a user needs Read access, and the need exists to restrict the users ability to transfer data to a local hard drive or other place on the network. Profiles that limit the ability to copy files and folders is one mechanism that should be considered. Also, one needs to address permissions across the network. In such an environment, users should not have access to directories without explicit need, and even the concept of personal directories should be critically examined. To address the concern of unauthorized replication of data, you have to look not only at the permissions at the source, but also on all potential destinations. If there's no place to which data can be copied, then the data can't be copied at all.

Cordially,

Peter Nayland Kust
TekMedia Communications
http://www.tekmedia.com
pkust@tekmedia.com

Collapse -

An Alternative Method for Access Control

by brucegyl In reply to No permissions means no p ...

I have this concept in place:
Give each user full access to his/her own directory of data and 'no access' to the other users. Create a Public directory in each folder for groups of like users and give all the users in the group full control of this Public dir. Any one can copy a file into this dir and allow the other user to view, copy, or move to their own directory. This will compartmentalize and secure each user's data from any other user on the system. Public directory access will be simplified if your users are members of a 'group' you create. The access to Public would not have to be updated for each new user. Just delete old users and add new ones to the authorized 'group name'. Good Luck.. bruce gayle

Back to Security Forum
3 total posts (Page 1 of 1)  

Related Discussions

Related Forums