Re: Deny _WRITE_ access to a file
From: Al Dunbar [MS-MVP] (alan-no-drub-spam_at_hotmail.com)
Date: 03/01/05
- Next message: Roger Abell: "Re: Deny _WRITE_ access to a file"
- Previous message: Al Dunbar [MS-MVP]: "Re: Looking for a good scripting language."
- Maybe in reply to: Al Dunbar [MS-MVP]: "Re: Deny _WRITE_ access to a file"
- Next in thread: Roger Abell: "Re: Deny _WRITE_ access to a file"
- Messages sorted by: [ date ] [ thread ]
Date: Mon, 28 Feb 2005 21:21:25 -0700
"Roger Abell" <mvpNOSpam@asu.edu> wrote in message
news:uIPY%23uNHFHA.2936@TK2MSFTNGP15.phx.gbl...
> You are correct that xcacls.exe does not offer the granularity
> for Deny settings that you are after.
In addition to that, also consider that it is often more appropriate to
simply not grant write access rather than actually denying it.
/Al
> You can download xcacls.vbs from the Microsoft site
>
http://www.microsoft.com/downloads/details.aspx?FamilyID=0ad33a24-0616-473c-b103-c35bc2820bda&DisplayLang=en
> This does support the granularity you are after.
>
> However, a better solution might be reorganizing storage
> so that files in this category are within a subdirectory of
> their current location, rather than mixed into files of the
> other permissions category within a single directory.
> --
> Roger Abell
> Microsoft MVP (Windows Security)
> MCSE (W2k3,W2k,Nt4) MCDBA
> "Javier J" <no.mail@please.no> wrote in message
> news:cvc321lamb3mjim61lkfadd8f72kcdhc39@4ax.com...
> > Hi all!
> >
> > I want to make sure that a group of users can't WRITE a set of files
> > that they have to be able to READ. The files belonging to that set
> > might change over time, so I want to make it part of a logon script.
> >
> > The problem is, I can use CACLS / XCACLS to DENY ALL access to the
> > file. or to GRANT read, write, etc privileges to the files.. But I
> > can't use them (or, probaby, I don't know how to do it) to just deny
> > write permissions for a given group.
> >
> > Is there some util that I might use, or do I have to resort to VBS to
> > accomplish what I need to do? IF that's the case, HOW do I do it
> > (sadly, whie I'm quite adept at batch scripting, VBS is not my forte).
> >
> > Thanks a lot.
> >
> > Javier J
>
>
- Next message: Roger Abell: "Re: Deny _WRITE_ access to a file"
- Previous message: Al Dunbar [MS-MVP]: "Re: Looking for a good scripting language."
- Maybe in reply to: Al Dunbar [MS-MVP]: "Re: Deny _WRITE_ access to a file"
- Next in thread: Roger Abell: "Re: Deny _WRITE_ access to a file"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
