# Windows SBS 2008 permissions



## noblelord (May 17, 2009)

Hullo all,

Not been here for a while - though I return with a question of my own. Basically, I need to find a quick and easy way to stop my users accidentally deleting files. I'm running Windows SBS 2008 and they are all in the same usergroup.

Now I know I can easily modify the permissions of each folder/tree so that they cannot be deleted/moved/renamed. The problem is that I don't wish for my users to be prohibited from deleting *all* of them, however it would be far too cumbersome for me to go through and pick each directory manually and alter its permissions.

Let me outline below - everything in red is a directory I do not want users to be able to delete, move, rename, cut or copy.

s://projects/financial management/united kingdom/2009 individual project 1/project info

So I cannot simply alter the permissions of the top level directory and all sub-directories because this will not enable them to work with the very last level of directories. The above filepath is an outline - some would be much longer, some would be shorter. Ideally I'm looking for a quicker way to accomplish this in SBS 2008 or a utility that can manage this for me running on the server. Basically I want to stop them from deleting entire projects/categories, whilst still be able to manage the very last level of sub-directories which contain their own projects data.

Do let me know if that is unclear (probably will be!).


----------



## aasimenator (Dec 21, 2008)

You can try doing regular backup's, there is no other way I can think of that would work in your situation.


----------



## StumpedTechy (Jul 7, 2004)

I would do a combination of shadow copy, regular backups and then I would also go as far as doing something along the lines of 

s://projects/financial management/united kingdom/2009 individual project 1 - unable to be deleted - read access
s://projects/financial management/united kingdom/2009 individual project 1 modify - make this be the place they put the deletable information for project 1.

This would give one dir of things they can't touch but to look at and one they can save to and delete items as they see fit. Its not really a good thing to get into micromanaging shares you'll spend more time trying to figure things out than working on more important problems.


----------



## noblelord (May 17, 2009)

Thanks - I do regular backups to RDX drives along with online backups, but there is nothing worse when someone insists a file has gone missing and they didn't delete it. Most of the time they've done something stupid like selected a lot of files but accidentally moved them elsewhere. 

I agree about the micromanaging - we have hundreds of projects and I don't want to go through and edit the permissions for each shared folder. Would take far too long.

Thanks for your input.


----------



## aasimenator (Dec 21, 2008)

You can enable Audit on Object access on your server. so when someone deletes a file a event will be created & you can then show that person that they have done it & you have a proof.


----------

