2

We have a shared network drive running Windows Server at work.

One of the folders contains sensitive information that should only be visible to a small group of people.

The problem is that if one of those people copy and paste a folder that has read permissions for everyone into the sensitive folder, anyone will be able to access that folder if they go directly to the full path.

If there any way to set up the file server to make 100% sure that all files and folders created or copied anywhere in the tree under x:\sensitive will have the same restricted rights as x:\sensitive?

forthrin
  • 193
  • 1
  • 9
  • Like so many of these things, this is primarily a user issue and not a technical one. While there are some technical ways to mitigate this (See @jscott's answer), education is the key. Would you be asking how to secure the printer so that users can't print these files? – Dan Feb 01 '14 at 12:30
  • Check out the RMS (rights management services) MS now offers http://technet.microsoft.com/library/dn339006.aspx – Clayton Feb 05 '14 at 21:32

1 Answers1

1

Please see the file system options documented in this Microsoft Support article: How permissions are handled when you copy and move files and folders

The following setting will alter the default behavior and will preserve the ACL during a copy operation.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer
DWORD ForceCopyAclwithFile 1

Note that this must be configured on the client end, so you may use Group Policy Preferences, or something similar, to push it out.

Also related on Serverfault:

jscott
  • 24,204
  • 8
  • 77
  • 99