Re: Junction Points and ACL 'protection' - how?
- From: John John <audetweld@xxxxxxxxxxx>
- Date: Sun, 24 Feb 2008 11:58:34 -0400
You're welcome, thanks for letting us know how you got around the problem.
John
Cwebb wrote:
I've found a good alternative.....
I've installed the latest version of DMEXbar, a great Explorer 'extension'. This version (v13) happens
to provide a 'protect Junction Points' feature, which won't allow a simple Explorer delete of a Junction
point.
I think I'll stick with this solution, for now.
Again, thanks John.
On Fri, 22 Feb 2008 16:17:37 -0500 in Messsage-ID <nqeur35ol7p54h2taqe8acon6r4u632cbi@xxxxxxx> Cwebb
wrote:
I may have something missing with an update patch. I'll have to
get the 'Unofficial Service Pack 5' installed. Maybe that'll help.
Thanks for your suggestions John.
On Mon, 18 Feb 2008 23:49:50 -0400 in Messsage-ID <uIrXDqqcIHA.5208@xxxxxxxxxxxxxxxxxxxx> John John
wrote:
I can do this at the Junction Point without inheritance. I can apply different permissions to any or all of the folders or files. As soon as one item within the container has a deny delete I cannot delete the Junction point, the deny can be applied on the items in the symbolic link or in the target, the results are the same, as soon as one item is protected inside the container I cannot delete the Junction Point. Put a dummy folder in there and explicitly deny "Everyone" delete rights on it and you won't be able to delete the Junction Point.
John
Cwebb wrote:
I'm baffled.
Though, it seems that you might be going for different results than I am.
It sounds like you're setting the child-folders as well as the junction-point to be delete-protected, is that right?
I'm hoping to simply protect the junction-point, so it isn't deleted
by mistake. I thinks that's all Microsoft means when they say to:
- Use NTFS ACLs to protect junction points from inadvertent deletion.
- Use NTFS ACLs to protect files and directories that are targeted by junction points from inadvertent deletion or other file system operations.
Since I've used a junction-point to be able to move my Documents and Settings folder, I don't want to protect, for example, my desktop, so I need to Allow deletes on folders and files contained in the targeted folders.
But, just to test, I tried setting all to Allow, except I set Deny on 'Delete' and 'Delete Subfolders and Files', and I'm still able to delete
either folder from Explorer.
And I too, am using Sysinternals' Junction utility...
????
I'm at a loss.
Thanks for your input John.
On Fri, 15 Feb 2008 07:17:47 -0400 in Messsage-ID <#bcvpR8bIHA.4968@xxxxxxxxxxxxxxxxxxxx> John John
wrote:
I don't have extensive experience with Junction Points and ACL but that is how it appears to be working for me here. I use Advanced permissions and on the target directory I explicitly Deny two items to Everyone:
Delete Subfolders and Files
Delete
and from the Windows Explorer GUI I as an Administrator/Owner Creator cannot delete files or folder in the target folder or in the Junction Point, nor can I delete the Junction Point. In the Advanced Permissions make sure that you don't have a check mark on "Apply these permissions to objects and/or containers within this container only"
The only variable might be that I used the Sysinternal Junction tool instead of the Resource Kit tools to create the symbolic link, I don't think that would make a difference but maybe it does, I don't know for sure.
John
Cwebb wrote:
Well, the problem may be that I don't know what I'm doing!
I understand you to be saying that the permissions that are set on the
target folder propagate back to the junction point, is that what you're
seeing?
I'm using each folder's <Properties/Security-tab/Advanced> to modify the permissions settings, and I'm changing the permission: for Everyone - "This Folder Only" - changing from 'Allow' to 'Deny' Delete, leaving all other permissions at 'Allow'. I'm doing the same for both the
junction-point and the target folder, and leaving the parent-propagate
and child-propagate boxes unchecked in each case.
I've made sure the child-folders have all permissions set at 'Allow', after
I've set the parent folder permissions.
What is it that I'm missing?
Thanks.
- References:
- Junction Points and ACL 'protection' - how?
- From: Cwebb
- Re: Junction Points and ACL 'protection' - how?
- From: Cwebb
- Re: Junction Points and ACL 'protection' - how?
- From: John John
- Re: Junction Points and ACL 'protection' - how?
- From: Cwebb
- Re: Junction Points and ACL 'protection' - how?
- From: John John
- Re: Junction Points and ACL 'protection' - how?
- From: Cwebb
- Re: Junction Points and ACL 'protection' - how?
- From: John John
- Re: Junction Points and ACL 'protection' - how?
- From: Cwebb
- Re: Junction Points and ACL 'protection' - how?
- From: Cwebb
- Junction Points and ACL 'protection' - how?
- Prev by Date: Re: Junction Points and ACL 'protection' - how?
- Next by Date: Re: FSUTIL, hardlink not working
- Previous by thread: Re: Junction Points and ACL 'protection' - how?
- Next by thread: Re: Junction Points and ACL 'protection' - how?
- Index(es):
Relevant Pages
|
Loading
