We have a folder on a windows server shared to provide access to an important application. When the application is being updated we (DBAs) change the permissions on the share to deny all access to it and then disconnect any files open on the share. After we complete the application update (using a different share to the same files) we re-enable access to the share.
The way we modify the share is using the MS Management Console to remotely connect to the server. Apparently this capability requires administrator access on the server or at least some level of permissions that the Infrastructure team would like to take away.
The question is how can the DBAs handling the application update disable and enable access to the share with as few permissions on the server as possible?