We help IT Professionals succeed at work.

We've partnered with Certified Experts, Carl Webster and Richard Faulkner, to bring you two Citrix podcasts. Learn about 2020 trends and get answers to your biggest Citrix questions!Listen Now

x

Folder security over file security

Medium Priority
347 Views
Last Modified: 2010-08-05
Anyone out there know of a good white paper or similar that belongs to microsoft explaining why it is better to use folder security over file security ?
Comment
Watch Question

kevwitData Science Solutions Manager

Commented:
Are you sure you aren't referering to "Shared Folder" security as opposed to NTFS security.  NTFS security is preferred as opposed to Shared folder permissions because the most restrictive rights will become the effective rights.  Folder permissions are obviously preferred because of inheritance, but I don't remember any specific instructions directing that.  It is just a rule that is inferred.

Thank you,

Kevin
Microsoft Systems Engineer

Author

Commented:
OK I'll try to explain what is going on.

One folder with four files. ( All Excel ).

About 10 diferent people with diferent ntfs permissions on each file.

I created 8 security groups. Two per file. 1 for Read Only and the other for RW.

In share permission, folder security and file security the groups have been added with their respective permissions. Everything is ok until someone with RW permissions opens one of the files.

A new file (ie: 1d45008e) is created. So far so good. When the  user exists execl the file continues to exist and the user cannot delete it.

Commented:
As far as i know Microsft applications like Microsoft office allows you to password your files but Microsft OS does not extend this feature to folders.
AB

Author

Commented:
The section manager does not accept this as a solution. I had previously suggested this. We ended up having a row. He is the boss ! So I'm stuffed !
If I understand correctly, the problem occurs because Excel creates a temporary file during the save process, this file is then later supposed to be named to the actual name of the file once the save completes, and the temp file is deleted but the creator of the temporary file does not have permission to delete.

Info on how excel saves files:  http://support.microsoft.com/default.aspx?id=814068

My Suggestion:

Set the share permissions to 'allow everyone', then we set the NTFS permissions on the directory to restrict this.

Under directory security (not share security), set the permissions for Read/Read Write as per your group settings, BUT ensure that the user "CREATE OWNER" has delete permissions for any files in the directory that he/she creates. The user does not need delete permission for the specific excel file however.

When the temp file is created it will be created under the "CREATE OWNER" and when excel tries to delete it - it will have the necessary permission

I don't think there is a preferred 'folder' security vs 'file security', but certainly folder security is less cumbersome because you don't have to set individual permissions on every file. I don't really see any value in SHARE level security, it was useful before the days of NTFS, but now I just set all my permissions through NTFS, but this is just my opinion.

Hope this helps,

Brad D.

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts

Author

Commented:
Excelente, thanx and Cheers.
Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.