Sign in to follow this  
Followers 0
qwert

Looking for advice on Windows file permissions

6 posts in this topic

I generally work in a single-user environment, where I’m the user and want access to everything on my PC.

However, I’ve been working with some scripts that would benefit from (them) having sole access to a directory of files ... files that only the scripts would write and maintain. There could be dozens of files, with sizes from kBytes to mBytes.

Since my experience is very limited in this area, I’d like to ask of someone who has a good working knowledge of file permissions:

Is there a straightforward way to set up a directory that can only be accessed by a set of authorized scripts? I would even like to have the directory off limits to general software like Windows Explorer.

Thanks in advance for any assistance.

 

 

Share this post


Link to post
Share on other sites



put them in a container like 7z or zip that requires a passphrase only the script knows, or make a service?  Otherwise its the account, moreso than the script that has the rights, if I understand the question.


,-. .--. ________ .-. .-. ,---. ,-. .-. .-. .-.
|(| / /\ \ |\ /| |__ __||| | | || .-' | |/ / \ \_/ )/
(_) / /__\ \ |(\ / | )| | | `-' | | `-. | | / __ \ (_)
| | | __ | (_)\/ | (_) | | .-. | | .-' | | \ |__| ) (
| | | | |)| | \ / | | | | | |)| | `--. | |) \ | |
`-' |_| (_) | |\/| | `-' /( (_)/( __.' |((_)-' /(_|
'-' '-' (__) (__) (_) (__)

Share this post


Link to post
Share on other sites

Create a group of administrative users, give only that group access to the directory (all others flat Deny). Run the scripts as one of the administrative accounts.

As for not even allowing Windows Explorer, I am not sure what you think you're going to gain by doing this. Windows has to be able to index the directory and its contents. If you are meaning that users without access won't even see the directory when browsing, then yes you can set these permissions up.


√-1 2^3 ∑ π, and it was delicious!

Share this post


Link to post
Share on other sites
57 minutes ago, JLogan3o13 said:

As for not even allowing Windows Explorer

Thanks for the responses.  Regarding Explorer, I picked that as an example of a general program that might try to access the directory.  MSWord or MSPaint would be of that same genre of common programs.

1 hour ago, JLogan3o13 said:

Create a group of administrative users

That sounds promising, but I'll have to investigate the "group" part versus "one admin user".  Thanks for the suggestion.

Regarding the password-protected zip, several of my files might, indeed, be able to reside inside such a "database" ... IF access overhead is reasonable.  Plus, this might be the easiest time implement on a localized basis.  By that, I mean not impacting a user's normal operating environment. 

Again, thanks for the ideas.

 

Share this post


Link to post
Share on other sites
1 hour ago, qwert said:

I'll have to investigate the "group" part versus "one admin user"

Typically group level permissions are preferred as they lend to be easier to maintain.  For a single-user system it may be erroneous to do group level permission, but it's still a good practice.

2 hours ago, JLogan3o13 said:

(all others flat Deny)

Implicit deny should be good enough; no need to explicitly deny all other entities...yes/no?

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0