Dear Experts , I like know how to provide security for shared folder in windows 2008 domain users my scenario is some users with read/right with renaming file/ folders and copy paste but no delete file and folders . and how to generate log for shared folders so that we can keep watch

Hi, Please refer the similar discussions How to prevent user from deleting shared network files http://social.technet.microsoft.com/Forums/uk/winserversecurity/thread/73b5cba3-5049-46c1-a39c-7001e1afe2a1 Preventing Users from Deleting Folders http://www.petri.co.il/forums/showthread.php?t=4554 Best shared folders monitor tool http://social.technet.microsoft.com/Forums/en-US/systemcentermonitoring/thread/3b7d3dfa-99e5-4aaf-a0e5-3e7dc4cb6f93/ Group Policy Audit - tracking access/event to shared folder http://social.technet.microsoft.com/Forums/en-US/winserverGP/thread/da536d11-9d78-42d1-b670-7d6b618acb51/ HTHI do not represent the organisation I work for, all the opinions expressed here are my own. This posting is provided "AS IS" with no warranties or guarantees and confers no rights. - .... .- -. -.- ... --..-- ... .- -. - --- ... ....

Hi, Please refer the similar discussions How to prevent user from deleting shared network files http://social.technet.microsoft.com/Forums/uk/winserversecurity/thread/73b5cba3-5049-46c1-a39c-7001e1afe2a1 Preventing Users from Deleting Folders http://www.petri.co.il/forums/showthread.php?t=4554 Best shared folders monitor tool http://social.technet.microsoft.com/Forums/en-US/systemcentermonitoring/thread/3b7d3dfa-99e5-4aaf-a0e5-3e7dc4cb6f93/ Group Policy Audit - tracking access/event to shared folder http://social.technet.microsoft.com/Forums/en-US/winserverGP/thread/da536d11-9d78-42d1-b670-7d6b618acb51/ HTHI do not represent the organisation I work for, all the opinions expressed here are my own. This posting is provided "AS IS" with no warranties or guarantees and confers no rights. - .... .- -. -.- ... --..-- ... .- -. - --- ... ....

Hi, Share permissions apply to users who connect to a shared folder over the network. Share permissions do not affect users who log on locally, or log on using Remote Desktop. To set permissions for users who log on locally or using Remote Desktop, set NTFS file permissions using the options on the Security tab instead of the Share Permissions tab. If both share permissions and file system permissions are set for a shared folder, the more restrictive permissions apply when connecting to the shared folder. You can set file system level permissions (as opposed to shared folder permissions) at the command line by using the operating system tool iCacls.exe or Cacls.exe. The tools run only on an NTFS volume. To enable access-based enumeration on a shared folder, you must use Share and Storage Management. Access-based enumeration allows users to see only the files and folders in a shared folder to which they have permission to access. For more information, see http://go.microsoft.com/fwlink/?LinkId=141539 > how to generate log for shared folders so that we can keep watch You should enable Audit object access policy and configure Auditing for your shared resource. Audit object access policy determines whether to audit the event of a user accessing an object (for example, file, folder, registry key, printer, and so forth) which has its own system access control list (SACL) specified. Please refer to this article to configure auditing: How to audit user access of files, folders, and printers http://support.microsoft.com/kb/310399 For more information please refer to following MS articles: Managing Permissions for Shared Folders http://technet.microsoft.com/en-us/library/cc753731.aspx Set Permissions for Shared Folders http://technet.microsoft.com/en-us/library/cc726004.aspxLawrence TechNet Community Support

Hi, Share permissions apply to users who connect to a shared folder over the network. Share permissions do not affect users who log on locally, or log on using Remote Desktop. To set permissions for users who log on locally or using Remote Desktop, set NTFS file permissions using the options on the Security tab instead of the Share Permissions tab. If both share permissions and file system permissions are set for a shared folder, the more restrictive permissions apply when connecting to the shared folder. You can set file system level permissions (as opposed to shared folder permissions) at the command line by using the operating system tool iCacls.exe or Cacls.exe. The tools run only on an NTFS volume. To enable access-based enumeration on a shared folder, you must use Share and Storage Management. Access-based enumeration allows users to see only the files and folders in a shared folder to which they have permission to access. For more information, see http://go.microsoft.com/fwlink/?LinkId=141539 > how to generate log for shared folders so that we can keep watch You should enable Audit object access policy and configure Auditing for your shared resource. Audit object access policy determines whether to audit the event of a user accessing an object (for example, file, folder, registry key, printer, and so forth) which has its own system access control list (SACL) specified. Please refer to this article to configure auditing: How to audit user access of files, folders, and printers http://support.microsoft.com/kb/310399 For more information please refer to following MS articles: Managing Permissions for Shared Folders http://technet.microsoft.com/en-us/library/cc753731.aspx Set Permissions for Shared Folders http://technet.microsoft.com/en-us/library/cc726004.aspxLawrence TechNet Community Support