Announcement

Collapse
No announcement yet.

Cannot set NTFS permissions for +Append, +Read and -Create.

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Cannot set NTFS permissions for +Append, +Read and -Create.

    I want to set permissions such that users can:

    * List files in the folder.
    * Edit a file saving the changes.
    * Not create new files, folders, etc.
    * Not delete anything.

    I tried setting "normal" permissions on the folder for my test user, then created a new set of permissions by clicking the Advanced button, using the following settings:

    * Deny Create Files/Write Data.
    * Deny Delete Sub Folders and Files.
    * Deny Delete.

    I then click the "Apply permission entries to all child objects....".

    I can not create new files, which is good, however I can not append data to existing files.

    Is there something I can set to enable Appending?
    |
    +-- JDMils
    |
    +-- Regional Systems Engineer, DotNet programmer & Jack of all trades
    |

  • #2
    Re: Cannot set NTFS permissions for +Append, +Read and -Create.

    This is a tough one..and cannot be solved by setting NTFS permissions on folders and subfolders only. You need to do this 2-way:

    First set NTFS permissions on the folder ONLY:
    DENY create files / write data
    DENY create folders / append data
    DENY delete subfolders and files
    DENY delete
    ALLOW traverse folder /execute files
    ALLOW list folder / read data
    ALLOW read attributes
    ALLOW read extended attributes
    ALLOW read permissions

    secondly set NTFS permissions on all specific files ONLY:
    DENY delete
    ALLOW traverse folder /execute files
    ALLOW list folder / read data
    ALLOW read attributes
    ALLOW read extended attributes
    ALLOW create files / write data
    ALLOW create folders / append data
    ALLOW write attributes
    ALLOW write extended attributes
    ALLOW read permissions

    Welcome to NTFS HELL

    bio..

    Comment


    • #3
      Re: Cannot set NTFS permissions for +Append, +Read and -Create.

      WOW!! Works perfectly! How did you figure that one out? Is there a utility which we could use to automatically set NTFS permissions like these?

      Thanks!
      |
      +-- JDMils
      |
      +-- Regional Systems Engineer, DotNet programmer & Jack of all trades
      |

      Comment


      • #4
        Re: Cannot set NTFS permissions for +Append, +Read and -Create.

        Originally posted by JDMils View Post
        Is there a utility which we could use to automatically set NTFS permissions like these?

        Thanks!
        A good program is security explorer http://www.scriptlogic.com/products/security-explorer/ but i think its rather pricy. Perhaps you can script it with xcacls ?

        bio..

        Comment


        • #5
          Re: Cannot set NTFS permissions for +Append, +Read and -Create.

          I have come across a problem. When using text files, the security works gr8. But when saving an existing XL workbook, I get the error:

          Microsoft Office XL cannot access the file <FileName>. There are several possible reasons:

          * The filename or path does not exist.
          * The file is being used by another program.
          * The workbook you are trying to save has the same name as a currently open workbook.
          I've checked that the file and path are correct and that there are no other users or processes using the workbook.

          I think this might have something to do with XL trying to save the workbook as a temporary file before deleting the original and renaming the temp to the same name as the original. I can not find anything in any of the event logs.

          Can someone shed some light on this?
          |
          +-- JDMils
          |
          +-- Regional Systems Engineer, DotNet programmer & Jack of all trades
          |

          Comment


          • #6
            Re: Cannot set NTFS permissions for +Append, +Read and -Create.

            Excel, word, powerpoint etc creates temporarly files in the folder where the file is located.
            The users should have the right to create files.
            http://support.microsoft.com/kb/814068

            When Excel saves a file, Excel follow these steps:

            1. Excel creates a randomly named temporary file (for example, Cedd4100 with no file name extension) in the destination folder that you specified in the Save As dialog box. The whole workbook is written to the temporary file.
            2. If changes are being saved to an existing file, Excel deletes the original file.
            3. Excel renames the temporary file. Excel gives the temporary file the file name that you specified (such as Book1.xls) in the Save As dialog box.
            Marcel
            Technical Consultant
            Netherlands
            http://www.phetios.com
            http://blog.nessus.nl

            MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
            "No matter how secure, there is always the human factor."

            "Enjoy life today, tomorrow may never come."
            "If you're going through hell, keep going. ~Winston Churchill"

            Comment

            Working...
            X