Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

NTFS permissions for file copy and append but not read

Posted on 2012-03-29
4
Medium Priority
?
666 Views
Last Modified: 2012-03-29
I've set up a scheduled robocopy batch file to copy files modified in the last three days from XP workstations to Server 2008 directories over a VPN.  I have the results appended to a log file on both sides.  

I'd like to set the permissions on the 2008 directories to allow the files to be copied and the log files to be appended but I don't want the end users to be able to browse their directories. Ideally I'd like their directory to appear empty of subfolders but if it's not possible, it'll have to do.  As of now I have each user set with special permissions (applied to subfolders and files) to:

List Folder/Read Data
Create Files/Write Data
Create Folders/Append Data

but I receive an access denied when using the batch file.  Is this possible or should I just figure out a different way?  FWIW I'm more interested in keeping unauthorized users from the directories, not so much the actual end users (I'm thinking someone that gets access to the machine when the normal user is away from keyboard).
0
Comment
Question by:Formic
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 44

Expert Comment

by:Amit
ID: 37782824
Goto to Admin Tools>Share and Storage Management Snapin, Click on the folder, on right hand pane, click properties, goto permission tab and set the ntfs permission and check again.
0
 
LVL 9

Accepted Solution

by:
Geodash earned 2000 total points
ID: 37782837
Setup a new user to run the script under

Run the script as a user with permissions that you have defined in NTFS

deny the end users access through NTFS

Take a look here

http://www.sevenforums.com/general-discussion/12936-how-run-batch-file-admin.html
0
 

Author Comment

by:Formic
ID: 37782988
Thanks for the reply, but I realize I need to add more detail to my question.  

I have the TLD shared and accessible to all the users explicitly without inheriting down.  Then I have each directory for the users not shared and restricted to each user.  Example:

BACKUPS (Shared, Full Control, All users) - User1 (No share, Admin full, User1 Write)
                                                                                     - User2 (No Share, Admin full, User2 Write)


The snap-in doesn't allow me to manage each of the user folders because they are not shared.

Geodash:  I like your solution.  This isn't an AD environment so it's a little trickier than normal, as all the workstations have been set up randomly by different outsourced IT people over the years and the admin passes and users are a bit of a mess.  I'm new at this company, trying to clean it up and make it run correctly so it looks like I'll have to make a trip to each location to get them set up properly for this to work.

Thanks for the suggestions.
0
 
LVL 9

Expert Comment

by:Geodash
ID: 37783086
Good Luck. I love clean-up projects! :-)
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
OfficeMate Freezes on login or does not load after login credentials are input.
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question