• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 227
  • Last Modified:

Group Policy question

Hi, im designing a new small network (Testing lab max 10 users). We have multiple software applications and im trying to protect certain files from being updated/changed by users. I'll try and explain that a little better. We use Tomcat for instance as our Webserver. Tomcat has a number of configuration files that hold key information like what port it should run on. I would like to make that config file read only to normal users and only the administrator can edit it, ie change the port number in the config file. I do not want to physically move the file to a seperate folder because tomcat needs it in a particular place. In some instances these files are updated by the software so they will need write access. Could anyone advise me how to do this
1 Solution
You can create a startup script and assign it to the OU the workstations are in and use DSACLS.EXE (part of Windows Support Tools) to assign permissions.
This sounds like just access permission and may not need get involve with group policy.
You just need to set the permission READ to end users such as "everyone", "authenticated users", "domain users", or the "Users" of the server. The "Administrators" group of your server by default have full access to everything on your server and you should be fine. Now the question is when you said the file need write access during software update, if you as the administrator logged on to the server and do the software update, then it won't be a problem.
Also, setting file level permission is usually high maintenance and as long as the software update do not delete and replace the file or rename it to something else, you should be fine. It just that some software upgrade do rename certain file and replace those file from time to time. If that's that case, I suggest you set the permission on the folder level to be safe.

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now