Use NTFS permissions to lock down folder

Hello

I have a Windows 2003 SP2 server. An application on there writes daily logs to D:\App1\logs.

I would like to lock down the folder so that only one AD group - say Domain\Server1Admins can read the log files. But - at the same time - I don't want to interfere with the application's ability to write these log files.

Does anyone know how I can do this ? Are there any specfic system accounts I need to grant permission to - and what permissions do I need to allow?
LVL 2
bruce_77Asked:
Who is Participating?
 
Lee W, MVPConnect With a Mentor Technology and Business Process AdvisorCommented:
You need to grant permission to the account that writes the logs (or the account must be a member of the group).  What account does the program run under?  One way you might tell if you don't know, look at the properties of the log files for the OWNER of the file - that's the account the file is written as.  (That's probably the safest method for determining... you can also look at your list of services to see what account it runs as, assuming it's a service).
0
 
modruConnect With a Mentor Commented:
As long as the application is running under an account of the local server's administrative group, it will still be able to write information to any directory, even if you modify the NTFS permissions of that directory to be read only to everyone except Domain\Server1Admins.

1) Modify the NTFS permissions on the directory to Read Only for Everyone or Domain Users
2) Set the application to Run as a Service
3) The account the application uses to run must be a member of the local server's Administrators group
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.