Solved

Use NTFS permissions to lock down folder

Posted on 2010-08-15
2
510 Views
Last Modified: 2012-05-10
Hello

I have a Windows 2003 SP2 server. An application on there writes daily logs to D:\App1\logs.

I would like to lock down the folder so that only one AD group - say Domain\Server1Admins can read the log files. But - at the same time - I don't want to interfere with the application's ability to write these log files.

Does anyone know how I can do this ? Are there any specfic system accounts I need to grant permission to - and what permissions do I need to allow?
0
Comment
Question by:bruce_77
2 Comments
 
LVL 95

Accepted Solution

by:
Lee W, MVP earned 250 total points
Comment Utility
You need to grant permission to the account that writes the logs (or the account must be a member of the group).  What account does the program run under?  One way you might tell if you don't know, look at the properties of the log files for the OWNER of the file - that's the account the file is written as.  (That's probably the safest method for determining... you can also look at your list of services to see what account it runs as, assuming it's a service).
0
 
LVL 2

Assisted Solution

by:modru
modru earned 250 total points
Comment Utility
As long as the application is running under an account of the local server's administrative group, it will still be able to write information to any directory, even if you modify the NTFS permissions of that directory to be read only to everyone except Domain\Server1Admins.

1) Modify the NTFS permissions on the directory to Read Only for Everyone or Domain Users
2) Set the application to Run as a Service
3) The account the application uses to run must be a member of the local server's Administrators group
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

I guess it is not common knowledge to most Wintel engineers/administrators: If you have an SNMP-based monitoring system in your environment (and it's common to have SNMP or Syslog) it's reasonably easy to enable monitoring of the Windows Event logs,…
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now