/build/static/layout/Breadcrumb_cap_w.png

NTFS Permissions - execute but not copy?

I have a group of engineering users who have developed software that is available for use by everyone on site. The question they've asked me is: Is there a way to allow everyone to execute their software, but not copy them? At the moment they are simple compiled executable files sitting on a Windows 2000 server share, and users access them via both their Windows NT domain and Active Directory accounts.

I've experimented a bit with the advanced NTFS permissions on the folders, but haven't had any luck. As soon as they have enough rights to execute the programs, they also have the ability to copy them.

Any thoughts?

0 Comments   [ + ] Show comments

Answers (6)

Posted by: VikingLoki 19 years ago
Second Degree Brown Belt
0
In the file properties, go to Security, Advanced Settings and make it so only Traverse Folder / Execute File is checked. That will make it so they can see it, run it and nothing else. Also be sure that no other properties are inherited for the object and the users you want to restrict aren't members of other groups which would give them access. That may be why you didn't find the solution.
Posted by: dfinley 19 years ago
Senior Yellow Belt
0
Thank you for the suggestion, that was one of the things I tried early on, but with just that specific right assigned to the user, they immediately get an Access Denied when attempting to browse to the folder. Creating a shortcut for them that points directly to an executable inside the folder doesn't work either, it acts like the executable doesn't exist.

I've tried assigning the following specific permissions (to a specific test ID that is not inheriting any allow/deny rights from other groups) and various combinations of them:

Traverse Folder / Execute File
List Folder / Read Data
Read Permissions

It sure sounds like the first one is exactly what I'm looking for, but apparently I don't understand exactly what rights that is giving the user :(
Posted by: VikingLoki 19 years ago
Second Degree Brown Belt
0
It won't do what you want on the folder level. To prevent copying, you must give the right to execute and deny the right to read. BUT, if you deny the right to read a folder, you can't see anything in it.

This works on the file level. Apply the above instructions to each individual file that you don't want copied.
Posted by: dfinley 19 years ago
Senior Yellow Belt
0
ahh, I see, I was only trying it at the folder level. Considering we're talking 4,000+ files that are frequently updated, I think I'll search for another approach to locking these down so they only run while a user is authenticated to our network.

thanks again,


Dave
Posted by: VikingLoki 19 years ago
Second Degree Brown Belt
0
4000+ frequently updated files??? Wow. What does that app DO??

You can do it. One word... INTERNS!!!! [:D]
Posted by: dfinley 19 years ago
Senior Yellow Belt
0
It's actually a collection of about 125 engineering applications & utilities that are developed internally by my users, I let them update their files directly on the server under the condition that they don't pester me every time they do an update :)
Rating comments in this legacy AppDeploy message board thread won't reorder them,
so that the conversation will remain readable.
 
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ