Managing Read-Only Network Shares During SharePoint Migration
Documentation on how to set up read-only network shares for SharePoint migration, allowing users to copy and delete files while preventing new file creation.
🎯 Objective
The purpose of this documentation is to explain how to "freeze" network shares (make them read-only) in preparation for a migration to SharePoint, while still allowing users to move or delete files.
🧱 Situation
- All department folders on the server are made read-only.
- Users must be able to copy files to SharePoint.
- Users must be able to delete files from the original folder after copying.
- No new files should be created or existing files modified.
🚫 Limitations of Read-Only Permissions
| Action | Allowed in Read-Only? |
|---|---|
| Read/open files | ✅ Yes |
| Copy files | ✅ Yes |
| Delete files | ❌ No |
| Modify/edit files | ❌ No |
| Create new files | ❌ No |
🛠️ Solution: NTFS + Share Permissions
NTFS Permissions (Advanced tab)
- Users:
- Allow: Read & Execute
- Deny: Write
- Denying "Write" still allows delete/move operations.
Share Permissions
- Use "Change" instead of "Read" — this enables delete actions through the share path.
⚠️ Important Notes
- If users access files via mapped drives (e.g.,
P:\Department), ensure the Share Permissions are not strictly read-only. - Always test settings with a user account before applying them broadly.
- Consider logging deletion events for audit purposes.
✅ Summary
This setup enables a migration scenario where:
- Users can access and copy files.
- Users can delete files after copying.
- No new content is added to the old location.
- The share behaves like a “staging zone” during migration.