Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium


Folder security over file security

Posted on 2006-04-04
Medium Priority
Last Modified: 2010-08-05
Anyone out there know of a good white paper or similar that belongs to microsoft explaining why it is better to use folder security over file security ?
Question by:arturmmaia

Expert Comment

ID: 16374694
Are you sure you aren't referering to "Shared Folder" security as opposed to NTFS security.  NTFS security is preferred as opposed to Shared folder permissions because the most restrictive rights will become the effective rights.  Folder permissions are obviously preferred because of inheritance, but I don't remember any specific instructions directing that.  It is just a rule that is inferred.

Thank you,

Microsoft Systems Engineer

Author Comment

ID: 16379299
OK I'll try to explain what is going on.

One folder with four files. ( All Excel ).

About 10 diferent people with diferent ntfs permissions on each file.

I created 8 security groups. Two per file. 1 for Read Only and the other for RW.

In share permission, folder security and file security the groups have been added with their respective permissions. Everything is ok until someone with RW permissions opens one of the files.

A new file (ie: 1d45008e) is created. So far so good. When the  user exists execl the file continues to exist and the user cannot delete it.

Expert Comment

ID: 16379442
As far as i know Microsft applications like Microsoft office allows you to password your files but Microsft OS does not extend this feature to folders.

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.


Author Comment

ID: 16379454
The section manager does not accept this as a solution. I had previously suggested this. We ended up having a row. He is the boss ! So I'm stuffed !

Accepted Solution

bdetchevery earned 2000 total points
ID: 16385319
If I understand correctly, the problem occurs because Excel creates a temporary file during the save process, this file is then later supposed to be named to the actual name of the file once the save completes, and the temp file is deleted but the creator of the temporary file does not have permission to delete.

Info on how excel saves files:  http://support.microsoft.com/default.aspx?id=814068

My Suggestion:

Set the share permissions to 'allow everyone', then we set the NTFS permissions on the directory to restrict this.

Under directory security (not share security), set the permissions for Read/Read Write as per your group settings, BUT ensure that the user "CREATE OWNER" has delete permissions for any files in the directory that he/she creates. The user does not need delete permission for the specific excel file however.

When the temp file is created it will be created under the "CREATE OWNER" and when excel tries to delete it - it will have the necessary permission

I don't think there is a preferred 'folder' security vs 'file security', but certainly folder security is less cumbersome because you don't have to set individual permissions on every file. I don't really see any value in SHARE level security, it was useful before the days of NTFS, but now I just set all my permissions through NTFS, but this is just my opinion.

Hope this helps,

Brad D.


Author Comment

ID: 16390683
Excelente, thanx and Cheers.

Featured Post

Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Your business may be under attack from a silent enemy that is hard to detect. It works stealthily in the shadows to access and exploit your critical business information, sensitive confidential data and intellectual property, for commercial gain. T…
Spectre and Meltdown, how it affects me and my clients?
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

580 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question