Link to home
Start Free TrialLog in
Avatar of ddotson
ddotson

asked on

How do set up security for special folder?

Hello:

I need to setup a folder on our server that is designed to contain evidentiary digital photos.  That means that the photos are in a secure location and cannot be messed with.  What I would like to do, however, is allow people access to VIEW the photos, but ensure that they are not going to change them.

The user will use a specific machine to download the photos from their camera to the server.  I would like to somehow allow them to write the photos into the folder, but keep them from viewing the contents or making any changes to the contents.

Then, for all of the other machines in the domain, I would like users to be able to access the folder so that they can examine the photos, but secure it so that they cannot change ANYTHING in the photo, or any file information attached to the photo.

Currently I have a share on the server - I just don't know what to set the permissions as...

Thanks in advance.

Dan
Avatar of stevenlewis
stevenlewis

you need to set the permissions
everybody = read
the users that you want to be able to upload the files to have read and write only
suggets you create a group that includes the users you want to be albe to have write, and add thsoe users to the group, and give that group read and write
and as I said, everyone group, just read
set up a test foledr and test it,and then impliment it
Sounds like a simple readonly setup, except for the person downloading the original photos.

Create a test folder
go into security tab, clear the list
go into advanced
- add whatever group for the camera user
- click view/edit button
- enable list folder and read data

This will let them create files but not read them or change them.

Other users can just have read-only access.

Try it first though.
ASKER CERTIFIED SOLUTION
Avatar of guernseypost
guernseypost
Flag of Guernsey image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Oh yeah - just noticed moving a file into the folder seems to take it's permissions with it (if that includes read then they can read it). Copying a file is ok as it inherits the folder permissions.

Like I said - try it until you are happy.

Cheers,

Mike.
Avatar of ddotson

ASKER

Can I set the permission for a specific machine?  I want all users to have the ability to add photos from a specific machine.  I would like the same users to have read only access from the rest of the network.
No, permissions are applied to groups and users
How about you put the share on the specific machine (I'll call it "photo PC") they will add photos to. You can set the special permissions on the local folder as above. The photos are added to (for example) D:\photos. It needs to be on a NTFS partition for folder security to work.

From other machines they will be accessing the share on the photo PC (with its own permissions, which would be read only).

Avatar of ddotson

ASKER

Guernseypost:

That's wouldn't work - we need high availability - plus, it sounds like it would be the same result (at least to the end user).

So - since I can't set permissions for a machine, then what about this idea:

Create a user account that has the appropriate write access.  The user logs into the photo machine, dumps their photos onto the server, and then has to log off and log back on with their own accounts to have access.

That sounds easy.  WHat sounds difficult (or impossible) is making that special account have the ability to copy the photos into the folder, but not be able to open the folder or open any of the files once they get into the folder.

And in light that moving the photos takes their permissions with them, and copying them makes them inherit permissions, how is that going to play?  I thought of making a batch file that copies all of the photos off of the memory card into the folder.  Is there a way to elevate the authority of the batch file, so that it can write files and no one else?  I could use it to make the files read only too.  This is complicated.
Avatar of ddotson

ASKER

Well, I wasn't able to get the folders working like I wanted.  I know the Mac has a "drop box" feature.  Maybe windows will tag along some day.  I think the problem is that they bundle some of their permissions together.