Solved

Use NTFS permissions to lock down folder

Posted on 2010-08-15
2
512 Views
Last Modified: 2012-05-10
Hello

I have a Windows 2003 SP2 server. An application on there writes daily logs to D:\App1\logs.

I would like to lock down the folder so that only one AD group - say Domain\Server1Admins can read the log files. But - at the same time - I don't want to interfere with the application's ability to write these log files.

Does anyone know how I can do this ? Are there any specfic system accounts I need to grant permission to - and what permissions do I need to allow?
0
Comment
Question by:bruce_77
2 Comments
 
LVL 95

Accepted Solution

by:
Lee W, MVP earned 250 total points
ID: 33441286
You need to grant permission to the account that writes the logs (or the account must be a member of the group).  What account does the program run under?  One way you might tell if you don't know, look at the properties of the log files for the OWNER of the file - that's the account the file is written as.  (That's probably the safest method for determining... you can also look at your list of services to see what account it runs as, assuming it's a service).
0
 
LVL 2

Assisted Solution

by:modru
modru earned 250 total points
ID: 33441435
As long as the application is running under an account of the local server's administrative group, it will still be able to write information to any directory, even if you modify the NTFS permissions of that directory to be read only to everyone except Domain\Server1Admins.

1) Modify the NTFS permissions on the directory to Read Only for Everyone or Domain Users
2) Set the application to Run as a Service
3) The account the application uses to run must be a member of the local server's Administrators group
0

Featured Post

Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
SSIS package failing 3 121
idle mapped drive 10 58
change home folder path 4 55
Unexpected Windows system folders on D drive 16 84
Many of us need to configure DHCP server(s) in their environment. We can do that simply via DHCP console on server or using MMC snap-in on each computer with Administrative Tools installed in a network. But what if we have to configure many DHCP ser…
Setting up a Microsoft WSUS update system is free relatively speaking if you have hard disk space and processor capacity.   However, WSUS can be a blessing and a curse. For example, there is nothing worse than approving updates and they just have…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question