Best practice for locking down application shared drive

We are in the process of locking down and organizing our network shares. We've gotten them all organized and locked down except for the one houses all the program files.

How do you go about this as some programs require write access to certain folders where flat files are kept and local access DB are edited. There programs don't usually run as a service.
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

we do the same for our applications share as we do for our users/file server shares. Create a group for each application and apply it to the folder. Add the users to the group that require access to this particular system and hey presto.

You may need to experiment with permissions levels eg what needs just write permissions or full control permissions.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Justin OwensITIL Problem ManagerCommented:
This article describes the thought processes and philosophies you need to adopt when deploying new security policies and templates.

Your issue is going to be several fold.  First, you will need to identify what type of access is needed on what folders, files, and registry keys (yes, sometimes programs need administrative rights to the HKLM hive).  You can go about this via the trial and error method or by contacting the vendor/developer of the application(s).  You can also use various monitoring tools to "discover" changes made to your system while that/those program(s) is/are in use.  You can use things like ProcMon and ProcExp from the SysInternals Suite.

It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows XP

From novice to tech pro — start learning today.