Folder security over file security

Posted on 2006-04-04
Last Modified: 2010-08-05
Anyone out there know of a good white paper or similar that belongs to microsoft explaining why it is better to use folder security over file security ?
Question by:arturmmaia
    LVL 1

    Expert Comment

    Are you sure you aren't referering to "Shared Folder" security as opposed to NTFS security.  NTFS security is preferred as opposed to Shared folder permissions because the most restrictive rights will become the effective rights.  Folder permissions are obviously preferred because of inheritance, but I don't remember any specific instructions directing that.  It is just a rule that is inferred.

    Thank you,

    Microsoft Systems Engineer

    Author Comment

    OK I'll try to explain what is going on.

    One folder with four files. ( All Excel ).

    About 10 diferent people with diferent ntfs permissions on each file.

    I created 8 security groups. Two per file. 1 for Read Only and the other for RW.

    In share permission, folder security and file security the groups have been added with their respective permissions. Everything is ok until someone with RW permissions opens one of the files.

    A new file (ie: 1d45008e) is created. So far so good. When the  user exists execl the file continues to exist and the user cannot delete it.
    LVL 5

    Expert Comment

    As far as i know Microsft applications like Microsoft office allows you to password your files but Microsft OS does not extend this feature to folders.

    Author Comment

    The section manager does not accept this as a solution. I had previously suggested this. We ended up having a row. He is the boss ! So I'm stuffed !
    LVL 3

    Accepted Solution

    If I understand correctly, the problem occurs because Excel creates a temporary file during the save process, this file is then later supposed to be named to the actual name of the file once the save completes, and the temp file is deleted but the creator of the temporary file does not have permission to delete.

    Info on how excel saves files:

    My Suggestion:

    Set the share permissions to 'allow everyone', then we set the NTFS permissions on the directory to restrict this.

    Under directory security (not share security), set the permissions for Read/Read Write as per your group settings, BUT ensure that the user "CREATE OWNER" has delete permissions for any files in the directory that he/she creates. The user does not need delete permission for the specific excel file however.

    When the temp file is created it will be created under the "CREATE OWNER" and when excel tries to delete it - it will have the necessary permission

    I don't think there is a preferred 'folder' security vs 'file security', but certainly folder security is less cumbersome because you don't have to set individual permissions on every file. I don't really see any value in SHARE level security, it was useful before the days of NTFS, but now I just set all my permissions through NTFS, but this is just my opinion.

    Hope this helps,

    Brad D.


    Author Comment

    Excelente, thanx and Cheers.

    Featured Post

    IT, Stop Being Called Into Every Meeting

    Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

    Join & Write a Comment

    By default, Carbonite Server Backup manages your encryption key for you using Advanced Encryption Standard (AES) 128-bit encryption. If you choose to manage your private encryption key, your backups will be encrypted using AES 256-bit encryption.
    When the confidentiality and security of your data is a must, trust the highly encrypted cloud fax portfolio used by 12 million businesses worldwide, including nearly half of the Fortune 500.
    Hi everyone! This is Experts Exchange customer support.  This quick video will show you how to change your primary email address.  If you have any questions, then please Write a Comment below!
    Sending a Secure fax is easy with eFax Corporate ( First, Just open a new email message.  In the To field, type your recipient's fax number You can even send a secure international fax — just include t…

    734 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    18 Experts available now in Live!

    Get 1:1 Help Now