New
#1
Suppress *.tmp creation
I have a very restrictive permission system on my external hard drive, for security reasons (and because the files on the drive are very valuable (to me at least), scientific journal articles amongst other things) I have it set so that:
- only one user (an admin, which has full control) can delete, this is further restricted by another permission that disallows deletion (this applies to all users, even 'everyone' group) so I have to make the conscious decision to remove the disable permission, then enter that user's admin password on the UAC screen to delete any files. This is to hopefully prevent accidental deletion of any files and to prevent any malware corrupting these files (I don't ever install using that admin account or use that admin account for anything other than when I am using these files)
- only my main account (read, write & execute) & that admin account has write capabilities (annoyingly though to rename/move a file the delete permission is used, why is that? Shouldn't rename at least be 'write' not 'delete'?)
- Only that admin account can take ownership and/or edit permissions, through both the filesystem permission and the 'take ownership' power in Group policy (only that admin account has that ability). Again, like delete, further restricted by a 'deny take ownership & change permission' group which further disallows any other user from making changes
- every other user, including the 'everyone' group only has read & execute access
The annoying fact of all that is that any effort to change anything on that drive creates a *.tmp file, a simple right click, for example creates a tmp file. Is there a way to suppress these files being created as they are not automatically deleted by the OS, even when the permissions are not as restrictive as they are currently? It is quite annoying having random files pop up in a file structure that's being backed up to disk frequently (I often forget to remove the files).
In addition, is there any other modifications I should make to further protect these files, such as any other accounts that should be denied write/delete access?
Thank you, and I hope I have made a little bit of sense.