Advanced security permissions in Windows 2000 server

Archived from groups: microsoft.public.win2000.security (More info?)

Seems that part of the advanced security permissions for
Windows 2000 server don't work properly. I'm reffering at
Create Files \ Write Data and Create Folders \ Append
Data. You may append just in case Delete is checked but in
that case you may delete the file itself.
So is it possible to set permissions to a folder such way
that you may add \create files append data but not delete
the file?
3 answers Last reply
More about advanced security permissions windows 2000 server
  1. Archived from groups: microsoft.public.win2000.security (More info?)

    Try it the way Dmitry suggested, but be aware that client can still open
    file, erase all content and save the file. In either case you lose the
    content of the file.

    Mike

    "Andrew" <anonymous@discussions.microsoft.com> wrote in message
    news:9d9801c4867c$bb311800$a601280a@phx.gbl...
    > Seems that part of the advanced security permissions for
    > Windows 2000 server don't work properly. I'm reffering at
    > Create Files \ Write Data and Create Folders \ Append
    > Data. You may append just in case Delete is checked but in
    > that case you may delete the file itself.
    > So is it possible to set permissions to a folder such way
    > that you may add \create files append data but not delete
    > the file?
  2. Archived from groups: microsoft.public.win2000.security (More info?)

    I tried it and I can confirm it's not working as suppose
    to. You are right but that's exactly my problem...
    When you check the append box it will create a temp file
    and a new empty file if you rename your initial file.
    You may get rid of that temp file if you create two group
    of permissions one for folders and subfolders and one for
    files only but still you get that empty renamed file if
    you append something. Deleting a file as a owner is not an
    option since in my environment it's not supposed to be
    done. A solution would be to manually or using a script to
    delete all files with 0 size.


    >-----Original Message-----
    >You should also be aware that for any file created, the
    user who created it
    >is the owner, and thus can set any permissions on the
    file - including Full
    >Control to self, and then just delete the file.
    >
    >--
    >Dmitry Korolyov [d__k@removethispart.mail.ru]
    >MVP: Windows Server - Active Directory
    >
    >
    > "Miha Pihler" <mihap-news@atlantis.si> wrote in message
    >news:eSnLQTrhEHA.3612@TK2MSFTNGP12.phx.gbl...
    > Try it the way Dmitry suggested, but be aware that
    client can still open
    > file, erase all content and save the file. In either
    case you lose the
    > content of the file.
    >
    > Mike
    >
    > "Andrew" <anonymous@discussions.microsoft.com> wrote in
    message
    > news:9d9801c4867c$bb311800$a601280a@phx.gbl...
    > > Seems that part of the advanced security permissions
    for
    > > Windows 2000 server don't work properly. I'm
    reffering at
    > > Create Files \ Write Data and Create Folders \ Append
    > > Data. You may append just in case Delete is checked
    but in
    > > that case you may delete the file itself.
    > > So is it possible to set permissions to a folder such
    way
    > > that you may add \create files append data but not
    delete
    > > the file?
    >
    >
  3. Archived from groups: microsoft.public.win2000.security (More info?)

    If a user has write permissions then they have the append data permission and can
    create files. Write permission does not allow a user to delete a file. You can see
    that if you issue a group write permissions and look at there permissions in the
    advanced page. If creator owner is present, then the user who creates the file will
    receive creator owner permissions also which usually are full control. You can change
    the permissions for creator owner or remove it. Of course the owner of a file can
    always change permissions IF he knows how and in XP Pro you can use Group Policy to
    hide the security tab to a folder, though a resourceful user may still figure out how
    to use command line tools. --- Steve


    "Andrew" <anonymous@discussions.microsoft.com> wrote in message
    news:9d9801c4867c$bb311800$a601280a@phx.gbl...
    > Seems that part of the advanced security permissions for
    > Windows 2000 server don't work properly. I'm reffering at
    > Create Files \ Write Data and Create Folders \ Append
    > Data. You may append just in case Delete is checked but in
    > that case you may delete the file itself.
    > So is it possible to set permissions to a folder such way
    > that you may add \create files append data but not delete
    > the file?
Ask a new question

Read More

Permissions Security Windows 2000 Servers Windows