Click here to get back home

NTFS Drop Folder - Blocking Owner from changing files
 HomeNewsGroups | Search | About
Login Password
Register Now!
 microsoft.public.windows.server.security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content
Subject Author Date
NTFS Drop Folder - Blocking Owner from changing files FB 05-19-2008
Posted by FB on May 19, 2008, 4:26 pm
Please log in for more thread options
I have a complex Folder Tree with several Files/Folders and the customer
wants to create a proccess where the user puts ("drops") the file in the
folder tree and after that, the file must be innacessible.

Now is working with Write-Only NTFS Permissions on the folder tree

But the owner of the file can modify the file, and i don´t wanna that. I
want a true "drop" folder where once the file is "droped" in the folder, the
file must be innacessible for the owner too

i´m not talking about FTP, i´m talking about a regular Share/NTFS Folder Tree

Posted by neo [mvp outlook] on May 19, 2008, 6:13 pm
Please log in for more thread options
 If you are using Creator Owner in the list NTFS ACLS, remove it. Other than
that, we did run into some problems in regards to moving/copying files
between the same UNC path. Needed a patch + registry key from Microsoft to
force the operating system(s) (WinXP/Windows 2003) to recacl NTFS
persmissions. Once these things are in place, its easy to setup a blind
drop directory and use ABE to hide contents if necessary.

So out of curiosity, what operating system are you using and what have you
tried?

/neo




>
> I have a complex Folder Tree with several Files/Folders and the customer
> wants to create a proccess where the user puts ("drops") the file in the
> folder tree and after that, the file must be innacessible.
>
> Now is working with Write-Only NTFS Permissions on the folder tree
>
> But the owner of the file can modify the file, and i don´t wanna that. I
> want a true "drop" folder where once the file is "droped" in the folder,
> the
> file must be innacessible for the owner too
>
> i´m not talking about FTP, i´m talking about a regular Share/NTFS Folder
> Tree



Posted by Sebastian G. on May 19, 2008, 7:05 pm
Please log in for more thread options
neo [mvp outlook] wrote:

> If you are using Creator Owner in the list NTFS ACLS, remove it.


So what? The user can still change the ACL afterwards, since he remains as
the owner.

Posted by neo [mvp outlook] on May 19, 2008, 9:24 pm
Please log in for more thread options
Not true if you set the right NTFS permissions. :)

> neo [mvp outlook] wrote:
>
>> If you are using Creator Owner in the list NTFS ACLS, remove it.
>
>
> So what? The user can still change the ACL afterwards, since he remains as
> the owner.



Posted by neo [mvp outlook] on May 19, 2008, 9:36 pm
Please log in for more thread options
Let me rephrase... your right, they retain Owner on the ownership tab, but
it is possible to allow write once and ensure that with propert ntfs acls,
that they can't change, read, delete, .etc.

> Not true if you set the right NTFS permissions. :)
>
>> neo [mvp outlook] wrote:
>>
>>> If you are using Creator Owner in the list NTFS ACLS, remove it.
>>
>>
>> So what? The user can still change the ACL afterwards, since he remains
>> as the owner.
>
>



Similar ThreadsPosted
HOWTO: Creating a Drop-Only Shared Folder June 9, 2008, 3:05 pm
EFS blocking users from accessing their encrypted files June 6, 2007, 10:33 am
Cleaning Up Files that are Missing NTFS Permissions March 20, 2006, 11:54 am
NTFS , folder permissions ! Need Help January 4, 2006, 11:51 am
Folder and Files Security October 3, 2006, 1:46 pm
Share folder and NTFS permission April 10, 2008, 6:47 pm
Using CREATOR GROUP for files/folder July 11, 2005, 10:43 am
deny create folder but allow create files June 16, 2005, 12:08 pm
permissions on subfolders with drag and drop July 18, 2007, 3:16 pm
Using CREATOR OWNER February 5, 2007, 2:38 am

Our other projects:

Art Dolls, Fairies and Mermaids - Sunnyfaces.net

Roy's Linux, Programming and Search Engines messages

1-Script XML SitemapXML Sitemap