Execute Permissions without Read Permissions on a Shared Folder?

Posted on 2005-03-24
Medium Priority
Last Modified: 2008-03-17

I have a network folder with Transcender Exams in it that is shared for Authenticated Users.  Each user has a Transcender Client installed on their desktop which then access the contents of the shared folder, individual exams, that allows the user to take practice test.

My issue is I don't want my users to copy the Transcender exams and take them home.  I would like to limit their ability to copy the contents of the shared folder, however they need to be able to execte the shared folders contetns.  Is this possible?  Execute without Read permissions on a Windows 2003 Server shared folder?  User are using XP Pro.

Question by:rmefford
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions

Expert Comment

ID: 13622857
I don't thinks so, since the file must first be read by the system in order to be executed.  Hence the invention of DRM for media files.

Author Comment

ID: 13622878
What is DRM?

Expert Comment

ID: 13623668
digital rights management (copy protection within the media file).
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!


Accepted Solution

massivegood earned 750 total points
ID: 13624411
I beleive that ACL Permissions for an NTSF folder can be set so that you can execute but not read using what is called a "special permission". It may require creating a group and setting a group permission for the folder and then adding your test taking users to that group. The Microsoft web site describes using the "special permission" called the "Traverse Folder/Execute File" permission type as separate from the "Read" permission type. The exact description from the Mircrosoft site is reproduced below, with the URL to that page following it. Also below is the Microsoft URL wiith the instructions for setting "special permissions".

"Permission Description
Traverse Folder/Execute File For folders: Traverse Folder allows or denies moving through folders to reach other files or folders, even if the user has no permissions for the traversed folders. (Applies to folders only.) Traverse folder takes effect only when the group or user is not granted the Bypass traverse checking user right in the Group Policy snap-in. (By default, the Everyone group is given the Bypass traverse checking user right.)
For files: Execute File allows or denies running program files. (Applies to files only).

Setting the Traverse Folder permission on a folder does not automatically set the Execute File permission on all files within that folder."


Instructions on how to "set, view, or change special permissions"


Expert Comment

ID: 13628107
Why not block access to the floppy drive and USB ports via GPO? They couldn't copy the files to anything locally even if they wanted to?

Author Comment

ID: 13629973
Slydog, great question.  I work for a technology consulting company, my end users are pretty savy and need to copy files and applications almost hourly.  Is there a way to do this for just one shared drive?


Your information was helpful, but I am still unable to kick of the executabe with just the Traverse/Execuateable permission along with view contents.  Any thoughts or idea?


Featured Post

Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When you try to share a printer , you may receive one of the following error messages. Error message when you use the Add Printer Wizard to share a printer: Windows could not share your printer. Operation could not be completed (Error 0x000006…
This program is used to assist in finding and resolving common problems with wireless connections.
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
Suggested Courses

801 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question