Hello contact,
Thank you for posting in Q&A forum.
In Active Directory (AD), you can set up read permissions on a shared folder but still deny copy permissions through more granular control over the actions a user can perform. However, traditional permission settings do not include an explicit "deny copy" option.
Instead, you can approach this problem with a combination of security measures. Here are a few strategies:
1.Deny Write and Modify Permissions:
If a user only has read permissions and is not allowed to modify or write to the files, they won't be able to perform any significant changes. However, this won't explicitly prevent them from copying the files to another location.
2.Prevent Data Extraction Tools:
Use Group Policy to restrict access to certain tools that can be used to copy data.
Disable USB ports to prevent users from copying data to external drives.
3.Auditing and Monitoring:
Enable file system auditing to keep track of which files are accessed and by whom. This won’t prevent copying but can help you keep track of file access and identify misuse.
4.Third-Party Tools:
Use third-party Data Loss Prevention (DLP) software that offers more granular control over what users can do with the data, such as restricting the ability to copy, print, or email it.
5.Network Share Permissions:
Ensure that the share permissions are set to "Read" and NTFS permissions (security tab) are also set to "Read", ensuring that users cannot make changes to the files.
Here's a basic overview of how to set read-only permissions on a shared folder:
1.Set NTFS Permissions:
Right-click the shared folder and select "Properties."
Go to the "Security" tab.
Click "Edit" to change permissions.
Add the specific AD user or group.
Set the permission to "Read & Execute," "List folder contents," and "Read."
2.Set Share Permissions:
Go to the "Sharing" tab in the folder properties.
Click on "Advanced Sharing."
Click on "Permissions."
Add the specific AD user or group.
Set the permission to "Read."
I hope the information above is helpful.
If you have any questions or concerns, please feel free to let us know.
Best Regards,
Daisy Zhou
============================================
If the Answer is helpful, please click "Accept Answer" and upvote it.