I have a group of engineering users who have developed software that is available for use by everyone on site. The question they've asked me is: Is there a way to allow everyone to execute their software, but not copy them? At the moment they are simple compiled executable files sitting on a Windows 2000 server share, and users access them via both their Windows NT domain and Active Directory accounts.

I've experimented a bit with the advanced NTFS permissions on the folders, but haven't had any luck. As soon as they have enough rights to execute the programs, they also have the ability to copy them.

Any thoughts?
0 Comments   [ + ] Show Comments

Comments

Please log in to comment

Rating comments in this legacy AppDeploy message board thread won't reorder them,
so that the conversation will remain readable.

Answers

0
In the file properties, go to Security, Advanced Settings and make it so only Traverse Folder / Execute File is checked. That will make it so they can see it, run it and nothing else. Also be sure that no other properties are inherited for the object and the users you want to restrict aren't members of other groups which would give them access. That may be why you didn't find the solution.
Answered 05/06/2005 by: VikingLoki
Second Degree Brown Belt

Please log in to comment
0
Thank you for the suggestion, that was one of the things I tried early on, but with just that specific right assigned to the user, they immediately get an Access Denied when attempting to browse to the folder. Creating a shortcut for them that points directly to an executable inside the folder doesn't work either, it acts like the executable doesn't exist.

I've tried assigning the following specific permissions (to a specific test ID that is not inheriting any allow/deny rights from other groups) and various combinations of them:

Traverse Folder / Execute File
List Folder / Read Data
Read Permissions

It sure sounds like the first one is exactly what I'm looking for, but apparently I don't understand exactly what rights that is giving the user :(
Answered 05/06/2005 by: dfinley
Senior Yellow Belt

Please log in to comment
0
It won't do what you want on the folder level. To prevent copying, you must give the right to execute and deny the right to read. BUT, if you deny the right to read a folder, you can't see anything in it.

This works on the file level. Apply the above instructions to each individual file that you don't want copied.
Answered 05/06/2005 by: VikingLoki
Second Degree Brown Belt

Please log in to comment
0
ahh, I see, I was only trying it at the folder level. Considering we're talking 4,000+ files that are frequently updated, I think I'll search for another approach to locking these down so they only run while a user is authenticated to our network.

thanks again,


Dave
Answered 05/06/2005 by: dfinley
Senior Yellow Belt

Please log in to comment
0
4000+ frequently updated files??? Wow. What does that app DO??

You can do it. One word... INTERNS!!!! [:D]
Answered 05/10/2005 by: VikingLoki
Second Degree Brown Belt

Please log in to comment
0
It's actually a collection of about 125 engineering applications & utilities that are developed internally by my users, I let them update their files directly on the server under the condition that they don't pester me every time they do an update :)
Answered 05/13/2005 by: dfinley
Senior Yellow Belt

Please log in to comment
Answer this question or Comment on this question for clarity