Archived from groups: microsoft.public.win2000.security (
More info?)
On Sun, 8 May 2005 13:26:30 -0400, "Jeffrey L" <jeffrey@nowhere.com>
wrote:
>The users need WRITE access in order to enter payments, billing, etc. They
>are trusted not be theives and there are checks and balances in place for
>security purposes. We just didn't want anyone to have the ability to
>restore older files if they thought that there was a file integrity problem
>before IT gets involved and troubleshoots.
Then your only option is remove the shadow copy client from their
systems. Or, since they are trusted, simply tell them not to restore
shadow copies of those files/folders.
An alternative that may or may not be possible in your setup is to
have those files on different drive and not run shadow copy services
for that drive.
Jeff
>
>"Herb Martin" <news@LearnQuick.com> wrote in message
>news:%23SoP8yvUFHA.2468@TK2MSFTNGP10.phx.gbl...
>> "Jeffrey L" <jeffrey@nowhere.com> wrote in message
>> news:#BBfuxmUFHA.2616@TK2MSFTNGP14.phx.gbl...
>>> Several users involved in billing are connected to share for BillingData.
>>> Only one of these users should have the authority to restore a previous
>>> version (such as an admin.)
>>
>> Then those 'other users' should not have the authority to
>> WRITE to the main file or shouldn't even have the authority
>> to READ that file (make copies.)
>>
>> Notice that shadow copy is NOT the problem here, but rather
>> the permissions given to the users is the real issue.
>>
>> If they choose to make their "own" backup of a readable
>> file today, you could not stop them. If they choose to over-write
>> a WRITABLE file tomorrow from that backup -- for even
>> from some junk -- you could not stop them.
>>
>> You have a permission problem, not a shadow copy
>> problem.
>>
>> --
>> Herb Martin, MCSE, MVP
>> Accelerated MCSE
>>
http://www.LearnQuick.Com
>> [phone number on web site]
>>
>>>
>>> "Herb Martin" <news@LearnQuick.com> wrote in message
>>> news:Ov6jDemUFHA.2768@tk2msftngp13.phx.gbl...
>>> >> "Jeffrey L" <jeffrey@nowhere.com> wrote in message
>>> >> news:ubxU60lUFHA.3572@TK2MSFTNGP12.phx.gbl...
>>> >> > Is there a way to limit some users of rolling back to a previous
>>> > version?
>>> >> > Although the users have access to the shared drive, we just don't
>> want
>>> >> > them to have the option of restoring a previous version.
>>> >
>>> > "Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
>>> > news:exqR6BmUFHA.1044@TK2MSFTNGP10.phx.gbl...
>>> >> Rollback what?? If you mean they are accessing a share on a Windows
>> 2003
>>> >> Server that has Volume Shadow Copy I don't know of a way to
>>> >> selectively
>>> >> prevent users from using it unless you do not install the client on
>> there
>>> >> Windows 2000/XP Pro computers. --- Steve
>>> >
>>> >
>>> > Steven is correct -- that is the main point of Shadow Copy
>>> > so you either disable it or you don't give the client software
>>> > to the users.
>>> >
>>> > Why every would you want people not to be able to recover
>>> > a file?
>>> >
>>> > If they are recovering "other people's files" then that should be
>>> > dealt with through permissions.
>>> >
>>> > A user must have READ on the original to copy the shadow
>>> > version, and Modify/Change on the original to overwrite it.
>>> >
>>> > Since each person almost always has this on their own files,
>>> > they are going to be able to recover those file that belong to
>>> > them, and any others that meet these requirements.
>>> >
>>> > --
>>> > Herb Martin, MCSE, MVP
>>> > Accelerated MCSE
>>> >
http://www.LearnQuick.Com
>>> > [phone number on web site]
>>> >
>>> >
>>>
>>>
>>
>>
>