|
Posted by FB on May 19, 2008, 4:26 pm
Please log in for more thread options
I have a complex Folder Tree with several Files/Folders and the customer
wants to create a proccess where the user puts ("drops") the file in the
folder tree and after that, the file must be innacessible.
Now is working with Write-Only NTFS Permissions on the folder tree
But the owner of the file can modify the file, and i don´t wanna that. I
want a true "drop" folder where once the file is "droped" in the folder, the
file must be innacessible for the owner too
i´m not talking about FTP, i´m talking about a regular Share/NTFS Folder Tree
|
|
Posted by neo [mvp outlook] on May 19, 2008, 6:13 pm
Please log in for more thread options
If you are using Creator Owner in the list NTFS ACLS, remove it. Other than
that, we did run into some problems in regards to moving/copying files
between the same UNC path. Needed a patch + registry key from Microsoft to
force the operating system(s) (WinXP/Windows 2003) to recacl NTFS
persmissions. Once these things are in place, its easy to setup a blind
drop directory and use ABE to hide contents if necessary.
So out of curiosity, what operating system are you using and what have you
tried?
/neo
show/hide quoted text
> I have a complex Folder Tree with several Files/Folders and the customer
> wants to create a proccess where the user puts ("drops") the file in the
> folder tree and after that, the file must be innacessible.
> Now is working with Write-Only NTFS Permissions on the folder tree
> But the owner of the file can modify the file, and i don´t wanna that. I
> want a true "drop" folder where once the file is "droped" in the folder,
> the
> file must be innacessible for the owner too
> i´m not talking about FTP, i´m talking about a regular Share/NTFS Folder
> Tree
|
|
Posted by Sebastian G. on May 19, 2008, 7:05 pm
Please log in for more thread options neo [mvp outlook] wrote:
show/hide quoted text
> If you are using Creator Owner in the list NTFS ACLS, remove it.
So what? The user can still change the ACL afterwards, since he remains as
the owner.
|
|
Posted by neo [mvp outlook] on May 19, 2008, 9:24 pm
Please log in for more thread options Not true if you set the right NTFS permissions. :)
show/hide quoted text
> neo [mvp outlook] wrote:
>> If you are using Creator Owner in the list NTFS ACLS, remove it.
> So what? The user can still change the ACL afterwards, since he remains as
> the owner.
|
|
Posted by neo [mvp outlook] on May 19, 2008, 9:36 pm
Please log in for more thread options Let me rephrase... your right, they retain Owner on the ownership tab, but
it is possible to allow write once and ensure that with propert ntfs acls,
that they can't change, read, delete, .etc.
show/hide quoted text
> Not true if you set the right NTFS permissions. :)
>> neo [mvp outlook] wrote:
>>> If you are using Creator Owner in the list NTFS ACLS, remove it.
>> So what? The user can still change the ACL afterwards, since he remains
>> as the owner.
>
|
| Similar Threads | Posted | | HOWTO: Creating a Drop-Only Shared Folder | June 9, 2008, 3:05 pm |
| EFS blocking users from accessing their encrypted files | June 6, 2007, 10:33 am |
| NTFS Permissions to allow saving but prevent changing | March 15, 2010, 2:53 pm |
| Adding rights to files without changing Ownership - special case! BATCH command needed! | December 15, 2009, 6:28 am |
| Cleaning Up Files that are Missing NTFS Permissions | March 20, 2006, 11:54 am |
| Folder and Files Security | October 3, 2006, 1:46 pm |
| Using CREATOR GROUP for files/folder | July 11, 2005, 10:43 am |
| NTFS , folder permissions ! Need Help | January 4, 2006, 11:51 am |
| Share folder and NTFS permission | April 10, 2008, 6:47 pm |
| windows 7 - folder re-direction/offline files issue | May 21, 2009, 11:48 am |
|
XML Sitemap
> wants to create a proccess where the user puts ("drops") the file in the
> folder tree and after that, the file must be innacessible.
> Now is working with Write-Only NTFS Permissions on the folder tree
> But the owner of the file can modify the file, and i don´t wanna that. I
> want a true "drop" folder where once the file is "droped" in the folder,
> the
> file must be innacessible for the owner too
> i´m not talking about FTP, i´m talking about a regular Share/NTFS Folder
> Tree