Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

NTFS/Security permissions not applying equally

Posted on 2016-08-11
4
Medium Priority
?
63 Views
Last Modified: 2016-08-11
The root problem I'm trying to solve is that I have an excel file which needs to be updated by many users, keeps getting deleted or moved.  I'm trying to lock it down so users can open and write to it, but can't accidentally be deleted or moved.

File structure is a directory which contains an Excel file, and some additional subdirectories.  Files are on a Server 2012R2 file server

I've created two security groups, one with full access (admins) to everything.  The other security group (users) has Read & Execute, Read, and Write permissions.  The permissions for admins group is applied to the top directory and allowed to inherit to all directories, subdirs, and files.  Users group is also applied at top directory, and access is set to only "This folder and files" - as they should not access subfolders or any other files.  No issues at all with admins group.

I created a file test1.txt and set users group permissions as described above for that file only (for testing); it works as intended (i.e. users can open and edit file, can save file - can't move or delete file).  
So I created test2.txt and set users group permissions as describe above at the directory and allowed to inherit to test files it works as intended.  
So here's the problem: I created testexcel.xlsx with users group permissions (I tried at the file and inherited), but users can't save file.

Why are permissions not working the same with my Excel files as with my test.txt files?
0
Comment
Question by:Geisrud
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 85

Accepted Solution

by:
oBdA earned 2000 total points
ID: 41752929
What you're planning is not possible with Excel and NTFS, sorry.
Excel saves a file by first writing to a temporary file, and once that's successfully finished, the original file will be deleted and the new/temporary file renamed to the original name.
In other words: with every save, you get a new file, which will obviously inherit the permissions from the folder.
This means as well that the user requires delete permissions for the files being processed.
0
 
LVL 14

Author Comment

by:Geisrud
ID: 41752932
Makes sense, I was aware of the temp file, but not the rest of that saving process.

Could you provide any further insight on accomplishing my goal of protecting that file?

Thanks!

Side note, that may help explain why this directory is populating with odd .tmp files that aren't going away
0
 
LVL 85

Expert Comment

by:oBdA
ID: 41752975
There's nothing you can do with NTFS to protect that file, because it is constantly getting deleted, and this is required to be able to work with it.
You can use shadow copies/previous versions or maybe a job that copies the file every x minutes to a safe location.
0
 
LVL 14

Author Comment

by:Geisrud
ID: 41752982
Thanks - we already have shadow copy in place, which we've been using to recover the deleted file.  The only problem with that is the file is updated so frequently, that some updates can be lost since the most recent backup.

I guess those are the breaks.  Thanks for all the help and insight!
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to deal with a specific error when using the Enable-RemoteMailbox cmdlet to create a mailbox in the cloud-based service, for an existing user in an on-premises Active Directory.
I don't pretend to be an expert at this, but I have found a few things that are useful. I hope that sharing them here will help others, so they will not have to face some rather hard choices. Since I felt this to be a topic of enough importance and…
In this Micro Tutorial viewers will learn how to use Windows Server Backup to create full image of their system. Tutorial shows how to install Windows Server Backup Feature on Windows 2012R2 and how to configure scheduled Bare Metal Recovery backup.…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question