One of most common error I see on Windows Environments is the users with Full Control Permissions.

This is a bad mistake give a user full control on his network share, only if he has a compelling reason you must provide full control. Let me explain my point of view.

When the users ask for a network drive or share for its files, it is normal he ask for “full control” meaning that he can read/write/delete files. But he doesnt have a reason to have the Full Control in NTFS permissions.

The Full Control must be given only to the Administrators or Domain Admins groups, why?

With the Full Control the user can change the permissions, it is not rare a user remove the backup user or Administrators permissions from his network share or drive.

If it was intentional or not doesn´t matter your task is to mantain everything ok, and especially on backup.

So when the user removes the backup user or administrator users permissions, several bad things can happen:

1- Some Backup Products doesn´t make backup, and doesn´t give error (I will not tell names)

2- Some Antivirus Products “avoids” the files

3- When you are in the late evening making a file transfer files from one server to another, it will abort on the files and you will scream about your lost time on the night.

The solution:

Give only change permission to the user, this is the best solution if he wants to write/read/delete files. And he will feel that he has “Full Control” on the network or drive share.