qwert Posted May 9, 2016 Share Posted May 9, 2016 I generally work in a single-user environment, where I’m the user and want access to everything on my PC. However, I’ve been working with some scripts that would benefit from (them) having sole access to a directory of files ... files that only the scripts would write and maintain. There could be dozens of files, with sizes from kBytes to mBytes. Since my experience is very limited in this area, I’d like to ask of someone who has a good working knowledge of file permissions: Is there a straightforward way to set up a directory that can only be accessed by a set of authorized scripts? I would even like to have the directory off limits to general software like Windows Explorer. Thanks in advance for any assistance. Link to comment Share on other sites More sharing options...
JohnOne Posted May 9, 2016 Share Posted May 9, 2016 No. AutoIt Absolute Beginners Require a serial Pause Script Video Tutorials by Morthawt ipify Monkey's are, like, natures humans. Link to comment Share on other sites More sharing options...
iamtheky Posted May 9, 2016 Share Posted May 9, 2016 put them in a container like 7z or zip that requires a passphrase only the script knows, or make a service? Otherwise its the account, moreso than the script that has the rights, if I understand the question. ,-. .--. ________ .-. .-. ,---. ,-. .-. .-. .-. |(| / /\ \ |\ /| |__ __||| | | || .-' | |/ / \ \_/ )/ (_) / /__\ \ |(\ / | )| | | `-' | | `-. | | / __ \ (_) | | | __ | (_)\/ | (_) | | .-. | | .-' | | \ |__| ) ( | | | | |)| | \ / | | | | | |)| | `--. | |) \ | | `-' |_| (_) | |\/| | `-' /( (_)/( __.' |((_)-' /(_| '-' '-' (__) (__) (_) (__) Link to comment Share on other sites More sharing options...
Moderators JLogan3o13 Posted May 9, 2016 Moderators Share Posted May 9, 2016 Create a group of administrative users, give only that group access to the directory (all others flat Deny). Run the scripts as one of the administrative accounts. As for not even allowing Windows Explorer, I am not sure what you think you're going to gain by doing this. Windows has to be able to index the directory and its contents. If you are meaning that users without access won't even see the directory when browsing, then yes you can set these permissions up. "Profanity is the last vestige of the feeble mind. For the man who cannot express himself forcibly through intellect must do so through shock and awe" - Spencer W. Kimball How to get your question answered on this forum! Link to comment Share on other sites More sharing options...
qwert Posted May 9, 2016 Author Share Posted May 9, 2016 57 minutes ago, JLogan3o13 said: As for not even allowing Windows Explorer Thanks for the responses. Regarding Explorer, I picked that as an example of a general program that might try to access the directory. MSWord or MSPaint would be of that same genre of common programs. 1 hour ago, JLogan3o13 said: Create a group of administrative users That sounds promising, but I'll have to investigate the "group" part versus "one admin user". Thanks for the suggestion. Regarding the password-protected zip, several of my files might, indeed, be able to reside inside such a "database" ... IF access overhead is reasonable. Plus, this might be the easiest time implement on a localized basis. By that, I mean not impacting a user's normal operating environment. Again, thanks for the ideas. Link to comment Share on other sites More sharing options...
spudw2k Posted May 9, 2016 Share Posted May 9, 2016 1 hour ago, qwert said: I'll have to investigate the "group" part versus "one admin user" Typically group level permissions are preferred as they lend to be easier to maintain. For a single-user system it may be erroneous to do group level permission, but it's still a good practice. 2 hours ago, JLogan3o13 said: (all others flat Deny) Implicit deny should be good enough; no need to explicitly deny all other entities...yes/no? Spoiler Things I've Made: Always On Top Tool ◊ AU History ◊ Deck of Cards ◊ HideIt ◊ ICU ◊ Icon Freezer ◊ Ipod Ejector ◊ Junos Configuration Explorer ◊ Link Downloader ◊ MD5 Folder Enumerator ◊ PassGen ◊ Ping Tool ◊ Quick NIC ◊ Read OCR ◊ RemoteIT ◊ SchTasksGui ◊ SpyCam ◊ System Scan Report Tool ◊ System UpTime ◊ Transparency Machine ◊ VMWare ESX BuilderMisc Code Snippets: ADODB Example ◊ CheckHover ◊ Detect SafeMode ◊ DynEnumArray ◊ GetNetStatData ◊ HashArray ◊ IsBetweenDates ◊ Local Admins ◊ Make Choice ◊ Recursive File List ◊ Remove Sizebox Style ◊ Retrieve PNPDeviceID ◊ Retreive SysListView32 Contents ◊ Set IE Homepage ◊ Tickle Expired Password ◊ Transpose ArrayProjects: Drive Space Usage GUI ◊ LEDkIT ◊ Plasma_kIt ◊ Scan Engine Builder ◊ SpeeDBurner ◊ SubnetCalcCool Stuff: AutoItObject UDF ◊ Extract Icon From Proc ◊ GuiCtrlFontRotate ◊ Hex Edit Funcs ◊ Run binary ◊ Service_UDF Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now