Re: One for the NTFS permissions gurus.
- From: "Vanguard" <no@xxxxxxxxxxxx>
- Date: Mon, 8 Jan 2007 19:30:45 -0600
"Ian" <Ian@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:8CC06FC6-36BE-4D85-9FA5-1FA1E99B68AE@xxxxxxxxxxxxxxxx
A workstation backup-script runs under the logged-on user's credentials, and
copies the user's important data to a subfolder of a server-share. When a new
user logs-on the script creates a new subfolder based on the username.
This has been working for a long time and is a very useful precaution, but
the security isn't too good in that knowledgeable users could in principle
access other people's backups with a bit of poking-around.
What I want to do is to set the permissions on the parent folder (the shared
one) so that when the script creates a new user-folder the permissions on
this will be such that Administrators and the folder's owner have full
control, but other users have no rights.
Is this possible? I've tried all combinations of rights I can think of, but
none seem to achieve this goal. The Administrators rights are no problem, but
the new folder cannot be created unless Authenticated Users or Everyone are
granted rights to subfolders - which defeats the purpose.
I'm thinking along the lines that a process running on the server could scan
the tree periodically and change the folder-rights according to the owner of
the contents, but that's a clunky solution. There ought to be a way to do
this with permissions.. but I if so I can't seem to find it. Any ideas?
Might the 'cacls' command in your script do what you want to set access control list on the folder?
.
- Prev by Date: Re: Please Help - I have networked my laptop to my pc and can only
- Next by Date: Re: Windows Update
- Previous by thread: Re: Admin user
- Next by thread: Re: One for the NTFS permissions gurus.
- Index(es):
Relevant Pages
|
