Sign in with
Sign up | Sign in
Your question

Advanced security permissions in Windows 2000 server

Last response: in Windows 2000/NT
Share
August 20, 2004 3:12:54 AM

Archived from groups: microsoft.public.win2000.security (More info?)

Seems that part of the advanced security permissions for
Windows 2000 server don't work properly. I'm reffering at
Create Files \ Write Data and Create Folders \ Append
Data. You may append just in case Delete is checked but in
that case you may delete the file itself.
So is it possible to set permissions to a folder such way
that you may add \create files append data but not delete
the file?
Anonymous
a b 8 Security
August 20, 2004 6:54:18 PM

Archived from groups: microsoft.public.win2000.security (More info?)

Try it the way Dmitry suggested, but be aware that client can still open
file, erase all content and save the file. In either case you lose the
content of the file.

Mike

"Andrew" <anonymous@discussions.microsoft.com> wrote in message
news:9d9801c4867c$bb311800$a601280a@phx.gbl...
> Seems that part of the advanced security permissions for
> Windows 2000 server don't work properly. I'm reffering at
> Create Files \ Write Data and Create Folders \ Append
> Data. You may append just in case Delete is checked but in
> that case you may delete the file itself.
> So is it possible to set permissions to a folder such way
> that you may add \create files append data but not delete
> the file?
Anonymous
a b 8 Security
August 20, 2004 6:54:19 PM

Archived from groups: microsoft.public.win2000.security (More info?)

I tried it and I can confirm it's not working as suppose
to. You are right but that's exactly my problem...
When you check the append box it will create a temp file
and a new empty file if you rename your initial file.
You may get rid of that temp file if you create two group
of permissions one for folders and subfolders and one for
files only but still you get that empty renamed file if
you append something. Deleting a file as a owner is not an
option since in my environment it's not supposed to be
done. A solution would be to manually or using a script to
delete all files with 0 size.


>-----Original Message-----
>You should also be aware that for any file created, the
user who created it
>is the owner, and thus can set any permissions on the
file - including Full
>Control to self, and then just delete the file.
>
>--
>Dmitry Korolyov [d__k@removethispart.mail.ru]
>MVP: Windows Server - Active Directory
>
>
> "Miha Pihler" <mihap-news@atlantis.si> wrote in message
>news:eSnLQTrhEHA.3612@TK2MSFTNGP12.phx.gbl...
> Try it the way Dmitry suggested, but be aware that
client can still open
> file, erase all content and save the file. In either
case you lose the
> content of the file.
>
> Mike
>
> "Andrew" <anonymous@discussions.microsoft.com> wrote in
message
> news:9d9801c4867c$bb311800$a601280a@phx.gbl...
> > Seems that part of the advanced security permissions
for
> > Windows 2000 server don't work properly. I'm
reffering at
> > Create Files \ Write Data and Create Folders \ Append
> > Data. You may append just in case Delete is checked
but in
> > that case you may delete the file itself.
> > So is it possible to set permissions to a folder such
way
> > that you may add \create files append data but not
delete
> > the file?
>
>
Anonymous
a b 8 Security
August 20, 2004 7:46:01 PM

Archived from groups: microsoft.public.win2000.security (More info?)

If a user has write permissions then they have the append data permission and can
create files. Write permission does not allow a user to delete a file. You can see
that if you issue a group write permissions and look at there permissions in the
advanced page. If creator owner is present, then the user who creates the file will
receive creator owner permissions also which usually are full control. You can change
the permissions for creator owner or remove it. Of course the owner of a file can
always change permissions IF he knows how and in XP Pro you can use Group Policy to
hide the security tab to a folder, though a resourceful user may still figure out how
to use command line tools. --- Steve


"Andrew" <anonymous@discussions.microsoft.com> wrote in message
news:9d9801c4867c$bb311800$a601280a@phx.gbl...
> Seems that part of the advanced security permissions for
> Windows 2000 server don't work properly. I'm reffering at
> Create Files \ Write Data and Create Folders \ Append
> Data. You may append just in case Delete is checked but in
> that case you may delete the file itself.
> So is it possible to set permissions to a folder such way
> that you may add \create files append data but not delete
> the file?
!