Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Monday, February 21, 2011 11:51 AM
Hi I have Windows 2003 Enterprise Edition on server and Win7/WinXP on client Side
I want to set the permission in such a way that I share a folder with some files in it on the network.
I want that User can read/Write on that folder but cannot CUT/COPY from it. As we have very important
Data and we want that user can only view and write in it but cannot copy/Cut it. Is there any Cumulative
share and NTFS resultant permissions which can solve my issue?
All replies (4)
Monday, February 21, 2011 1:30 PM âś…Answered
This is not possible. 'Read' implies 'copy'.
The only possible way I see is to access that data in Terminal Server, which has client redirection and clipboard disabled. But still, users will be able to take display photos with their mobile phones.
MCITP: Enterprise Administrator; MCT; Microsoft Security Trusted Advisor; CCNA
Monday, February 21, 2011 2:05 PM
This is not possible in Windows (unfortunatelly). When you grant user "Read" permission, then copying is possible. You can always enable Folders/Files auditing and review log to check who copied data and when to track this issue.
How to implement folders/files auditing
http://technet.microsoft.com/en-us/library/cc757864(WS.10).aspx
Regards, Krzysztof
Tuesday, February 22, 2011 3:10 AM
Hi,
Agree with WindowsNT.LV and Krzysztof that if the users have Read permission, they can copy and there is nothing you can do using standard NTFS or Share permissions.
However, if the folder is on NTFS drive, you can set auditing to record who has copied the folder. For more information, please refer to:
Configuring Audit Policies
http://technet.microsoft.com/en-us/library/dd277403.aspx
File and Folder Permissions
http://technet.microsoft.com/en-us/library/bb727008.aspx
Hope it helps.
Regards,
Bruce
This posting is provided "AS IS" with no warranties, and confers no rights. Please remember to click "Mark as Answer" on the post that helps you, and to click "Unmark as Answer" if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
Tuesday, February 22, 2011 2:14 PM
I'm pretty sure that auditing won't be any useful. Just imagine yourself analyzing TONS of Read Successes. None of automation tricks would help either.MCITP: Enterprise Administrator; MCT; Microsoft Security Trusted Advisor; CCNA