Very Computer

Is it possible to set up permissions/security on Windows 200 Server so
as to allow users full access rights to folders but not allow them to
move or delete the folders themselves?

We have a few staff who appear to be careless with their mouse movements
and are continually having to search for folders which have been
"dragged and dropped" to strange places on the  server!
--
James Sheerin

Are the users at the "clue level" where they immediately realize what
they've done?  If so, maybe let them know that pressing CTRL-Z (or from
Explorer, click Edit, Undo Move) will reverse the move operation.

Quote:> Is it possible to set up permissions/security on Windows 200 Server so
> as to allow users full access rights to folders but not allow them to
> move or delete the folders themselves?

> We have a few staff who appear to be careless with their mouse
> movements and are continually having to search for folders which have
> been "dragged and dropped" to strange places on the  server!

Quote:>Are the users at the "clue level" where they immediately realize what
>they've done?  If so, maybe let them know that pressing CTRL-Z (or from
>Explorer, click Edit, Undo Move) will reverse the move operation.

Thanks Ned, but I'm not sure.  The suspected offenders are probably more
at a "haven't a clue level"!
--
James Sheerin

LOL pretty standard clue level then!
One workaround might be to plant a dummy file (some 0 byte thing or
MARKER.TXT or whatever you please) in each dir and disallow all access to
that file to everybody but Administrators.  That way when they do the
drag-and-drop the filesystem ACLs won't let the move happen.   Though they
might wind up moving *part* of the dir; I haven't tested this theory.  And
with large numbers of directories it can get a little unwieldy to manage....
I don't know of a way to allow full control on the files but not the
directory, sorry.

Quote:>One workaround might be to plant a dummy file (some 0 byte thing or
>MARKER.TXT or whatever you please) in each dir and disallow all access to
>that file to everybody but Administrators.

Sounds like that might work.  Thanks for the idea.  The only trouble is
the effort in setting it up, given the large number of  directories.
May be I'll give it a try next time I'm feeling industrious!

--
James Sheerin

I suppose you could batch it.
dir /ad /b /s >dirlist.txt
to get a listing of just the dirnames

for /f %%n in ('type dirlist.txt') do echo MarkerText >%%n\MARKER.TXT
for /f %%n in ('type dirlist.txt') do echo y | cacls %%n\MARKER.TXT /g
everyone:R

Still not sure if it would really work though!