• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 219
  • Last Modified:

How do set up security for special folder?

Hello:

I need to setup a folder on our server that is designed to contain evidentiary digital photos.  That means that the photos are in a secure location and cannot be messed with.  What I would like to do, however, is allow people access to VIEW the photos, but ensure that they are not going to change them.

The user will use a specific machine to download the photos from their camera to the server.  I would like to somehow allow them to write the photos into the folder, but keep them from viewing the contents or making any changes to the contents.

Then, for all of the other machines in the domain, I would like users to be able to access the folder so that they can examine the photos, but secure it so that they cannot change ANYTHING in the photo, or any file information attached to the photo.

Currently I have a share on the server - I just don't know what to set the permissions as...

Thanks in advance.

Dan
0
ddotson
Asked:
ddotson
  • 4
  • 3
  • 2
1 Solution
 
stevenlewisCommented:
you need to set the permissions
everybody = read
the users that you want to be able to upload the files to have read and write only
suggets you create a group that includes the users you want to be albe to have write, and add thsoe users to the group, and give that group read and write
and as I said, everyone group, just read
set up a test foledr and test it,and then impliment it
0
 
guernseypostCommented:
Sounds like a simple readonly setup, except for the person downloading the original photos.

Create a test folder
go into security tab, clear the list
go into advanced
- add whatever group for the camera user
- click view/edit button
- enable list folder and read data

This will let them create files but not read them or change them.

Other users can just have read-only access.

Try it first though.
0
 
guernseypostCommented:
doh - sorry missed an important permission to enable - see below.

Create a test folder
go into security tab, clear the list
go into advanced
- add whatever group for the camera user
- click view/edit button
- enable "list folder/read data" and "create files/write data"
0
Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions

 
guernseypostCommented:
Oh yeah - just noticed moving a file into the folder seems to take it's permissions with it (if that includes read then they can read it). Copying a file is ok as it inherits the folder permissions.

Like I said - try it until you are happy.

Cheers,

Mike.
0
 
ddotsonAuthor Commented:
Can I set the permission for a specific machine?  I want all users to have the ability to add photos from a specific machine.  I would like the same users to have read only access from the rest of the network.
0
 
stevenlewisCommented:
No, permissions are applied to groups and users
0
 
guernseypostCommented:
How about you put the share on the specific machine (I'll call it "photo PC") they will add photos to. You can set the special permissions on the local folder as above. The photos are added to (for example) D:\photos. It needs to be on a NTFS partition for folder security to work.

From other machines they will be accessing the share on the photo PC (with its own permissions, which would be read only).

0
 
ddotsonAuthor Commented:
Guernseypost:

That's wouldn't work - we need high availability - plus, it sounds like it would be the same result (at least to the end user).

So - since I can't set permissions for a machine, then what about this idea:

Create a user account that has the appropriate write access.  The user logs into the photo machine, dumps their photos onto the server, and then has to log off and log back on with their own accounts to have access.

That sounds easy.  WHat sounds difficult (or impossible) is making that special account have the ability to copy the photos into the folder, but not be able to open the folder or open any of the files once they get into the folder.

And in light that moving the photos takes their permissions with them, and copying them makes them inherit permissions, how is that going to play?  I thought of making a batch file that copies all of the photos off of the memory card into the folder.  Is there a way to elevate the authority of the batch file, so that it can write files and no one else?  I could use it to make the files read only too.  This is complicated.
0
 
ddotsonAuthor Commented:
Well, I wasn't able to get the folders working like I wanted.  I know the Mac has a "drop box" feature.  Maybe windows will tag along some day.  I think the problem is that they bundle some of their permissions together.
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 4
  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now