Network file security, what solutions are available?

Discussion in 'OT Technology' started by TotalEclipse, May 15, 2006.

  1. TotalEclipse

    TotalEclipse New Member

    Joined:
    Jun 2, 2005
    Messages:
    6,032
    Likes Received:
    0
    Location:
    Outside Philly, PA
    I need a solution to a problem here in the office. I work for an engineering firm with all Windows products (Windows 2k & XP, Server 2003). One problem we have is people deleting or moving folders accidentally. We can't just use Windows security to block everything because the engineers and other employees need to access the files, save files and create files. We need something that restricts moves and deletions. Perhaps something that does not allow mass deletions but only file by file.

    Thanks
     
  2. DAN513

    DAN513 OT Supporter

    Joined:
    Mar 10, 2003
    Messages:
    10,090
    Likes Received:
    2
    Location:
    204
    are you guys using a domain? You can restrict most of that through permissions with active directory.
     
  3. EvilSS

    EvilSS New Member

    Joined:
    Jun 11, 2003
    Messages:
    5,104
    Likes Received:
    0
    Location:
    STL
    You can deny Delete rights with NTFS rights (on the security tab click Advanced then select the group you want to change and click Edit). The problem is that this rarely actually works properly (or as you would expect it to, at least.)

    There is a product called Network Undelete (http://www.diskeeper.com/undelete/undelete.asp) that I've seen used in some small companies to help with problems like this. It won't prevent the files from being deleted but it makes it easier to restore them than pulling them from a backup tape.
     
  4. Yep

    Yep Knick knack paddy whack, give the old dog a bone

    Joined:
    Jan 22, 2001
    Messages:
    4,603
    Likes Received:
    0
    Location:
    South Jersey
    You should be able to do this with all Windows security permissions.

    Certain users can read/write. Others can read/write/move/delete/rename etc.
     
  5. Peyomp

    Peyomp New Member

    Joined:
    Jan 11, 2002
    Messages:
    14,017
    Likes Received:
    0
    Aside from getting your groups and permissions straight, what you need is file versioning, so that anything deleted can be restored back to X date. In a windows environment, sharepoint can do this with versioning enabled.

    Microsoft makes this much harder than it should be with its proprietary binary file formats, but this is changing some in the newer versions of Office that use an XML file format by default. Text based file formats are easy for any version tracking tool to version. You could use an open tool like Subversion to do this right now, but binary files (which most application file formats are to subversion) would have to be saved in their entirety each time a modified version was saved. So it would take up mucho space-o. It would work though: anything saved to a directory mapped by svn will result in that version being thrown in the repository. You could use a free tool to do this, or something beefy like Perforce (I'd take a look at this, if you can afford it). Thats what a friend uses at a game development studio to store and version all the source code, binaries, art, 3d models, etc.

    In conclusion: get some versioning going over there. No engineering firm should be without.
     
  6. Peyomp

    Peyomp New Member

    Joined:
    Jan 11, 2002
    Messages:
    14,017
    Likes Received:
    0
  7. P07r0457

    P07r0457 New Member

    Joined:
    Sep 20, 2004
    Messages:
    28,491
    Likes Received:
    0
    Location:
    Southern Oregon
    NTFS > you.

    NTFS can get VERY specific on what rights users/groups have.
    [​IMG]
     
  8. TotalEclipse

    TotalEclipse New Member

    Joined:
    Jun 2, 2005
    Messages:
    6,032
    Likes Received:
    0
    Location:
    Outside Philly, PA
    Awesome. I'm trying to get this company up to date but it's an uphill battle. I should have mentioned that NTFS permissions didn't give us as much as we were hoping for. We want to try to give everyone create/move/delete permissions without shooting ourselves in the foot.

    Peyomp, thanks. I have been pushing versioning but didn't have too much first hand knowledge/experience. Hearing someone bring it up though makes me think it is even more appropriate.
     
  9. Peyomp

    Peyomp New Member

    Joined:
    Jan 11, 2002
    Messages:
    14,017
    Likes Received:
    0
    Versioning in an engineering firm can and will SAVE YOUR ASS.
     
  10. TotalEclipse

    TotalEclipse New Member

    Joined:
    Jun 2, 2005
    Messages:
    6,032
    Likes Received:
    0
    Location:
    Outside Philly, PA
    Do you currently work with an engineering firm Peyomp? I was at another firm for 5+ years and left the field only to come back to it. This company needs a LOT of help. Anyone I could bounce ideas off of would be great. I have only a small network right now.
     
  11. Peyomp

    Peyomp New Member

    Joined:
    Jan 11, 2002
    Messages:
    14,017
    Likes Received:
    0
    Well, we're a software engineering firm and I don't imagine that we could code anything wihtout a code repository doing versioning for us :) We're not large enough to require such a solution for all our documents yet, though. We'll be versioning every document on software projects soon, using webdav over https and subversion.
     

Share This Page