Where I work we make some short movies and use photos. The clients and people we serve are encouraged to take a copy of these home for their future use.
They’re training program type vids and such.
Here’s what is happening. I put these files on an external hard drive. So all the people have to do is go on the computer and click the file, drag it to their flash drive and select copy.
For some reason about half keep selecting “move,” even though the instructions clearly say “select copy not move.”
It’s not a big problem in of itself, as I can simply put the files removed back on the external drive from the original source.
So that leaves me having to pull an employee to do it for the clients.
But is there a way to designate this hard drive so no one can move from it. Only copy a file from it.?
Mark the files and directories as “read-only”. To move a file, the computer actually does a copy, and then deletes the original. Making the original file and directory structure read-only prevents the deletion, which is a write operation.
If the whole device is supposed to be read-only, some devices have a physical toggle switch someplace that makes the entire device read-only. Flip that switch and no one will be deleting (or altering) anything stored on that device.
Alternatively, if the drive if formatted as NTFS (very likely, unless it’s been in use since the win '98 days) you can modify the drives security settings to deny the ‘write’ (or ‘modify’, depending on which interface you’re using) permission to the group ‘everyone’.
NTFS on a removable drive is likely to get corrupt
Unless everyone is on the same Windows domain, SIDs on every machine will be different and no one will be able to do anything to the files, including copy them.
There do exist write-blocking USB enclosures that will allow the computer to only read from the device (and not write), but you may find that buying one is more expensive than spending the time to occasionally put the correct content back on the drive.
Regarding #2: I read the OP as saying everyone will be accessing the USB drive from the same physical computer. And even network access would be through a straightforward local proxy account. What would even suggest a cross-domain topology in the OP question?
Ah, I think andrwem was referring to the situation of possibly carrying the external drive around from one computer to another, in which case of course SIDs would be different even for the same account names and problems would result. The OP is ambiguous as to what “the computer” means – one particular computer, or is the external going to hauled around to many different computers?
In any case, NTFS protection would still work simply by providing read access to “everyone” and write/modify access only to a specific SID.
And point #1, again, is absolute and utter bullshit.
Optical drives are kind of going the way of the dodo. I’ve stopped giving clients files on DVD because I’ve found not everyone has DVD drives anymore. (Right now, it’s USB sticks.) And CD–I can’t remember the last time I’ve burned files on a CD.
I don’t want to deny the OP’s problem, but it kind of doesn’t make sense. When you drag & drop a file to a new location but* on the same drive *Windows’ default action is move, but if it’s on two separate drives the default action is always copy. So unless the clients are holding down the SHIFT key while dragging & dropping (which changes it to move) it shouldn’t be happening. As long as you only drag & drop with the mouse, DO NOT right click, that will give you the option to cut or copy…
Flagging the files as “read-only” sounds like the cheapest and easiest solution; however, all that actually does is provide a dialogue box asking to confirm the deletion, which the OP’s brain-dead clients will probably end up clicking anyway. :smack:
No, he’s not saying to flag them as read-only, he’s saying to grant NTFS read-only permissions to the user group the brain-dead clients will be using. Attempting to do a “move” (or “delete”) will just pop up “access denied”.
ETA: Of course the brain-dead clients trying to do a “move” will then start complaining that they don’t have access to the file!
Permissions are meaningless and can be reset by anyone with admin privileges on another computer, no?
If I were you I’d make an actual installer (using NSIS) and an autorun.inf that launches it on insertion. If any of your clients are on Macs, they might need something different.
And wouldn’t it be easier to put the stuff online on a private page/private YouTube channel anyway?
Put your files on Drop Box or Google drive and join the modern era already.
then you can email/facebook/text/google chat/skype/whatever them a link to their files or folder and stop the nonsense of hunting for and messing with physical drives period.
And make things harder for those on the receiving end that have IT departments that give a little bit of a shit about security. My workplace blocks all of those due to HUGE security risks in both directions of travel for data.
