Anyway to "lock down" Windows Explorer?

Mark M · 19 Jul 2017 at 15:06

We have a simple set up with a few computers connecting to a NAS which acts as a file server. Files are saved to a clients folder with each client having their own sub folder etc. Weve had a couple of minor issues in the past where users have accidentally dragged one client folder into the one above or below which can be retrieved by a quick search as each client has a unique client code.

Today however was different and one user has somehow managed to delete the entire client folder! Luckily it was in the recycle folder on the NAS or we would have had to restore it from last nights backup and lost some of today's data.

Is there any way to stop this from happening or is there an alternate to Windows Explorer?

One thing that may be an issue is that our main piece of software automatically creates the client sub folder and adds further sub folders for each service we provide which may mean an alternate to Windows Explorer is the only option?

d_brennen · 19 Jul 2017 at 15:20

NTFS permissions? Why does everyone have full control/modify on parent folders?

Bry · 19 Jul 2017 at 20:27

As above sounds like you just need to properly setup ntfs permissions to do what you want.
So something like
advanced permissions

this folder only set to read. Set on the client folder
subfolders and files only set permissions to either modify or full control. Set on the client folder

apply permissions to groups if you can rather than users.. makes it easier to add or remove people in the future. Test it on some test folders of course first.. to make sure you got it right.

But this means they can see the client folder and click into it. But theycant move, rename or delete it.
But within that folder they can do anything they want as these are the subfolders and files of that folder.

Hellsmk2 · 20 Jul 2017 at 13:44

As it sounds like you are not familiar with ntfs permissions, I would suggest you create a set of empty folders that mimic your existing structure on a small scale, and test your permissions on those first. I've seen many a structure destroyed by a lack of understanding.

Other obvious tips... never set a deny permission, and always use AD groups for permissions (don't add users direct to the security tab).

matthab · 26 Jul 2017 at 15:58

Sounds like an ideal candidate for Office 365 using Sharepoint/team sites.

Mark M · 3 Aug 2017 at 12:04

Thanks for the replies. Im in the process of setting up a little test environment for this and to check our disaster recovery solutions will actually work should we need them!