Sage 100

I have just been posed the age old question from the IT people asking how to 'physically' secure the MAS files. Right now all the Sage 100 Advanced 4.50 users have the ability to move, rename and delete them. They are worried that some user who understands network paths might accidentally or deliberately do something to the files. I know from a Sage perspective users need read/write/modify/delete, but are there ways to prevent these types of acts?

Can't you hide the folders from the view. Turn off the network discovery on the workstation so they can't poke around under the hood so easily.

In advanced, they don't have to have full access to the MAS90 folder. The service will need full read/write on the server.

Back up early and often, and don't treat your employees like indentured servants. Or go to Premium and make it Microsoft's problem. Either way, it's more likely to be a disgruntled IT person who thinks of doing something like that deliberately, and they'll know how to get around the security anyway.

The issue is areas of MAS 200 that use client-side UNC such as when printing forms and reports. Definitely what @PhilMcIntosh said. Also along the lines of what @JeffSchwenk said, another way (that makes me feel like an indentured servant when I'm the consultant troubleshooting an issue they report) is for IT to create a group policy that prevents access to UNCs through Windows Explorer. It's similar to the client side disabling of network discovery that Jeff mentions but can be done at the domain level through a policy. Note it's not actually preventing any workstation access to UNCs that MAS needs but instead just preventing Windows Explorer access so they can't browse.

To summarize: There's really no way although you can try variations of locking down the files depending upon the version of Sage (Advanced) however many bolt-ons will require full rights so troubleshooting a secured site is problematic.

Exactly, thanks guys - I just needed a little help with some verbiage and stuff.