Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 655
  • Last Modified:

Execute Permissions without Read Permissions on a Shared Folder?

I have a network folder with Transcender Exams in it that is shared for Authenticated Users.  Each user has a Transcender Client installed on their desktop which then access the contents of the shared folder, individual exams, that allows the user to take practice test.

My issue is I don't want my users to copy the Transcender exams and take them home.  I would like to limit their ability to copy the contents of the shared folder, however they need to be able to execte the shared folders contetns.  Is this possible?  Execute without Read permissions on a Windows 2003 Server shared folder?  User are using XP Pro.

1 Solution
I don't thinks so, since the file must first be read by the system in order to be executed.  Hence the invention of DRM for media files.
rmeffordAuthor Commented:
What is DRM?
digital rights management (copy protection within the media file).
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

I beleive that ACL Permissions for an NTSF folder can be set so that you can execute but not read using what is called a "special permission". It may require creating a group and setting a group permission for the folder and then adding your test taking users to that group. The Microsoft web site describes using the "special permission" called the "Traverse Folder/Execute File" permission type as separate from the "Read" permission type. The exact description from the Mircrosoft site is reproduced below, with the URL to that page following it. Also below is the Microsoft URL wiith the instructions for setting "special permissions".

"Permission Description
Traverse Folder/Execute File For folders: Traverse Folder allows or denies moving through folders to reach other files or folders, even if the user has no permissions for the traversed folders. (Applies to folders only.) Traverse folder takes effect only when the group or user is not granted the Bypass traverse checking user right in the Group Policy snap-in. (By default, the Everyone group is given the Bypass traverse checking user right.)
For files: Execute File allows or denies running program files. (Applies to files only).

Setting the Traverse Folder permission on a folder does not automatically set the Execute File permission on all files within that folder."


Instructions on how to "set, view, or change special permissions"

Why not block access to the floppy drive and USB ports via GPO? They couldn't copy the files to anything locally even if they wanted to?
rmeffordAuthor Commented:
Slydog, great question.  I work for a technology consulting company, my end users are pretty savy and need to copy files and applications almost hourly.  Is there a way to do this for just one shared drive?


Your information was helpful, but I am still unable to kick of the executabe with just the Traverse/Execuateable permission along with view contents.  Any thoughts or idea?


Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now