
How do I set up security for a special folder?

Posted on 2003-02-20
Last Modified: 2010-04-13
Hello:

I need to set up a folder on our server that is designed to contain evidentiary digital photos.  That means that the photos are in a secure location and cannot be messed with.  What I would like to do, however, is allow people access to VIEW the photos, but ensure that they are not going to change them.

The user will use a specific machine to download the photos from their camera to the server.  I would like to somehow allow them to write the photos into the folder, but keep them from viewing the contents or making any changes to the contents.

Then, for all of the other machines in the domain, I would like users to be able to access the folder so that they can examine the photos, but secure it so that they cannot change ANYTHING in the photo, or any file information attached to the photo.

Currently I have a share on the server - I just don't know what to set the permissions as...

Thanks in advance.

Dan
Question by:ddotson
9 Comments
 
LVL 41

Expert Comment

by:stevenlewis
ID: 7991403
you need to set the permissions
everybody = read
the users that you want to be able to upload the files to have read and write only
suggest you create a group that includes the users you want to be able to have write, and add those users to the group, and give that group read and write
and as I said, everyone group, just read
set up a test folder and test it, and then implement it
0
 
LVL 1

Expert Comment

by:guernseypost
ID: 7994232
Sounds like a simple readonly setup, except for the person downloading the original photos.

Create a test folder
go into security tab, clear the list
go into advanced
- add whatever group for the camera user
- click view/edit button
- enable list folder and read data

This will let them create files but not read them or change them.

Other users can just have read-only access.

Try it first though.
0
 
LVL 1

Accepted Solution

by:
guernseypost earned 300 total points
ID: 7994242
doh - sorry missed an important permission to enable - see below.

Create a test folder
go into security tab, clear the list
go into advanced
- add whatever group for the camera user
- click view/edit button
- enable "list folder/read data" and "create files/write data"
0
 
LVL 1

Expert Comment

by:guernseypost
ID: 7994269
Oh yeah - just noticed moving a file into the folder seems to take its permissions with it (if that includes read then they can read it). Copying a file is ok as it inherits the folder permissions.

Like I said - try it until you are happy.

Cheers,

Mike.
0
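The folder permissions from the accepted answer and the move-versus-copy caveat above, as an added example that is not part of the original thread: it scopes the camera group's entry to "this folder only" (an assumption, so new files inherit nothing for that group) and then lists files whose ACL did not come from the folder. The group names are hypothetical, and `D:\photos` is the example path used elsewhere in the thread.

```powershell
# Added example, not from the thread. Run elevated on the server holding the folder.
$folder    = 'D:\photos'                 # example path used in the thread
$uploaders = 'EXAMPLE\PhotoUploaders'    # hypothetical group for the camera user
$viewers   = 'EXAMPLE\PhotoViewers'      # hypothetical group for everyone else
$admins    = 'BUILTIN\Administrators'

function New-AllowRule($who, $rights, $inherit) {
    New-Object System.Security.AccessControl.FileSystemAccessRule -ArgumentList `
        $who, $rights, $inherit, 'None', 'Allow'
}

function Set-DropBoxAcl {
    # "Clear the list": start from an empty ACL and stop inheriting from the parent.
    $acl = New-Object System.Security.AccessControl.DirectorySecurity
    $acl.SetAccessRuleProtection($true, $false)

    # Camera group: "list folder/read data" + "create files/write data",
    # applied to this folder only, so the entry is not copied onto new files.
    $acl.AddAccessRule((New-AllowRule $uploaders 'ListDirectory, CreateFiles' 'None'))

    # Everyone else reads; administrators keep control. Both flow down to files.
    $down = 'ContainerInherit, ObjectInherit'
    $acl.AddAccessRule((New-AllowRule $viewers 'ReadAndExecute' $down))
    $acl.AddAccessRule((New-AllowRule $admins  'FullControl'    $down))

    Set-Acl -Path $folder -AclObject $acl
}

function Find-OddFileAcl {
    # A file moved in from the same volume keeps the ACL it arrived with.
    # Flag any file with an explicit entry or an entry for an unexpected identity.
    $expected = @($viewers, $admins)
    Get-ChildItem -Path $folder -File -Recurse | Where-Object {
        $odd = (Get-Acl -Path $_.FullName).Access | Where-Object {
            -not $_.IsInherited -or
            $expected -notcontains $_.IdentityReference.Value
        }
        [bool]$odd
    }
}

Set-DropBoxAcl
Find-OddFileAcl | Select-Object -ExpandProperty FullName
```

The account that creates a file becomes its owner, and an owner can by default read and change that file's permissions. On Windows Server 2008 and later, an inheritable entry for the OWNER RIGHTS identity (S-1-3-4) limits that.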
 

Author Comment

by:ddotson
ID: 8001758
Can I set the permission for a specific machine?  I want all users to have the ability to add photos from a specific machine.  I would like the same users to have read only access from the rest of the network.
0
 
LVL 41

Expert Comment

by:stevenlewis
ID: 8001896
No, permissions are applied to groups and users
0
 
LVL 1

Expert Comment

by:guernseypost
ID: 8007425
How about you put the share on the specific machine (I'll call it "photo PC") they will add photos to. You can set the special permissions on the local folder as above. The photos are added to (for example) D:\photos. It needs to be on a NTFS partition for folder security to work.

From other machines they will be accessing the share on the photo PC (with its own permissions, which would be read only).

0
 

Author Comment

by:ddotson
ID: 8029654
Guernseypost:

That wouldn't work - we need high availability - plus, it sounds like it would be the same result (at least to the end user).

So - since I can't set permissions for a machine, then what about this idea:

Create a user account that has the appropriate write access.  The user logs into the photo machine, dumps their photos onto the server, and then has to log off and log back on with their own accounts to have access.

That sounds easy.  What sounds difficult (or impossible) is making that special account have the ability to copy the photos into the folder, but not be able to open the folder or open any of the files once they get into the folder.

And in light that moving the photos takes their permissions with them, and copying them makes them inherit permissions, how is that going to play?  I thought of making a batch file that copies all of the photos off of the memory card into the folder.  Is there a way to elevate the authority of the batch file, so that it can write files and no one else?  I could use it to make the files read only too.  This is complicated.
0
 

Author Comment

by:ddotson
ID: 8118348
Well, I wasn't able to get the folders working like I wanted.  I know the Mac has a "drop box" feature.  Maybe Windows will tag along some day.  I think the problem is that they bundle some of their permissions together.
0
