NTFS permissions for file copy and append but not read

I've set up a scheduled robocopy batch file to copy files modified in the last three days from XP workstations to Server 2008 directories over a VPN.  I have the results appended to a log file on both sides.  

I'd like to set the permissions on the 2008 directories to allow the files to be copied and the log files to be appended but I don't want the end users to be able to browse their directories. Ideally I'd like their directory to appear empty of subfolders but if it's not possible, it'll have to do.  As of now I have each user set with special permissions (applied to subfolders and files) to:

List Folder/Read Data
Create Files/Write Data
Create Folders/Append Data

but I receive an access denied when using the batch file.  Is this possible or should I just figure out a different way?  FWIW I'm more interested in keeping unauthorized users from the directories, not so much the actual end users (I'm thinking someone that gets access to the machine when the normal user is away from keyboard).
FormicAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

AmitIT ArchitectCommented:
Goto to Admin Tools>Share and Storage Management Snapin, Click on the folder, on right hand pane, click properties, goto permission tab and set the ntfs permission and check again.
0
GeodashCommented:
Setup a new user to run the script under

Run the script as a user with permissions that you have defined in NTFS

deny the end users access through NTFS

Take a look here

http://www.sevenforums.com/general-discussion/12936-how-run-batch-file-admin.html
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
FormicAuthor Commented:
Thanks for the reply, but I realize I need to add more detail to my question.  

I have the TLD shared and accessible to all the users explicitly without inheriting down.  Then I have each directory for the users not shared and restricted to each user.  Example:

BACKUPS (Shared, Full Control, All users) - User1 (No share, Admin full, User1 Write)
                                                                                     - User2 (No Share, Admin full, User2 Write)


The snap-in doesn't allow me to manage each of the user folders because they are not shared.

Geodash:  I like your solution.  This isn't an AD environment so it's a little trickier than normal, as all the workstations have been set up randomly by different outsourced IT people over the years and the admin passes and users are a bit of a mess.  I'm new at this company, trying to clean it up and make it run correctly so it looks like I'll have to make a trip to each location to get them set up properly for this to work.

Thanks for the suggestions.
0
GeodashCommented:
Good Luck. I love clean-up projects! :-)
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2008

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.