Windows Folder Permission Issue

Windows Folder Permission Issue

Click here to associate this thread with a Package KB article.

Logged in as: Guest

Users viewing this topic: none

Printable Version

All Forums >> [AppDeploy Forums] >> Distribution >> Group Policy >> Windows Folder Permission Issue

Page: [1]

Message

<< Older Topic Newer Topic >>

Windows Folder Permission Issue - 11/16/2004 3:31:06 PM

dsouza_steevan

Posts: 2
Score: 0
Joined: 11/16/2004
Status: offline

Hi, I have a question regarding the windows file/folder permission. One application (being packaged) requires create file permission for .log files in the windows folder(C:\Windows in XP) in order to launch successfully. As a normal locked down user does not have permission to create files under C:\Windows, the application in question breaks. The log file names are in incremental order and the app creates new log file upon every launch.

Could you please confirm if there is a way to give user create permission for (*.log file only) under C:\Windows ? Is group policy a possible solution in this case? if yes then how?

Post #: 1

RE: Windows Folder Permission Issue - 11/16/2004 5:28:18 PM

WiseUser

Posts: 522
Score: 49
Joined: 4/1/2004
From: Europe
Status: offline

The first thing to establish is whether this location is "hard-coded", or whether you can influence the log folder location somehow (registry, inifile, start-up folder, etc). Ideally, you should make the application create the files elsewhere - is it an in-house application?

As a last resort, you could grant users of that application special permissions to create new files in the windows folder (but not modify existing files), maybe using a group. But this should only be done as a last resort.

I can think of a complicated work-around using the installer service to create the next sequential log file at application runtime and modify it's ACL accordingly (and maybe delete redundant ones). This solution would rely on an advertised shortcut and the fact that your MSI might be "managed", but I won't go into details!

(in reply to dsouza_steevan)

Post #: 2

RE: Windows Folder Permission Issue - 11/17/2004 7:31:19 AM

dsouza_steevan

Posts: 2
Score: 0
Joined: 11/16/2004
Status: offline

quote:

to create new files in the windows folder (but not modify existing files),

Hi Thanks a lot for the reply. The app has no registry, ini file configure info to coustomise this log file creation. It is an in-house application.

The workaround you suggested (to create next sequential log file at application runtime using installer service) is of no use as the app itself is creating the log file at runtime. If 1.log already exists, it creates 2.log. if 2.log exists then 3.log and so on.

Kind regards
Steevan

(in reply to dsouza_steevan)

Post #: 3

RE: Windows Folder Permission Issue - 11/29/2004 7:59:26 AM

Sweede

Posts: 59
Score: 0
Joined: 4/21/2004
From: Silkeborg, Denmark
Status: offline

Make a startup script to remove the logfiles

Give permission to a few number of files log1, log2, log3, log5 from GPO etc.

that gives the ability to start the program say 5 times

But best thing is to change program behavior.

Sweede

(in reply to dsouza_steevan)

Post #: 4

RE: Windows Folder Permission Issue - 11/29/2004 11:08:32 AM

cdupuis

Posts: 337
Score: 0
Joined: 2/6/2004
From: Richmond BC Canada
Status: offline

quote:

ORIGINAL: Sweede

Make a startup script to remove the logfiles

Give permission to a few number of files log1, log2, log3, log5 from GPO etc.

that gives the ability to start the program say 5 times

But best thing is to change program behavior.

Sweede

Make sure that if you try to modify the permissions of the log files that the System account has modify permissions on the folder that the log files reside in.

(in reply to Sweede)

Post #: 5

RE: Windows Folder Permission Issue - 12/17/2004 6:17:52 PM

MSIMaker

Posts: 641
Score: 21
Joined: 3/2/2004
From: Sydney Australia
Status: offline

You could easily create a Global group in AD and give users in that group create permissions in the Windows folder. This will mean that only those users with the app have that sort of permission. It's messy but it will work.

_____________________________

-------------------------------
Jim Baker
msimaker@hotmail.com
-------------------------------

Never rush a miracle worker.....you get lousy miracles.

(in reply to cdupuis)

Post #: 6

RE: Windows Folder Permission Issue - 11/21/2009 12:39:55 AM

Eswari

Posts: 37
Score: 0
Joined: 8/29/2007
Status: offline

can we give permission using cacls to a create log files only in a folder

(in reply to MSIMaker)

Post #: 7

RE: Windows Folder Permission Issue - 11/22/2009 12:26:19 PM

VBScab

Posts: 6657
Score: 188
Joined: 9/5/2006
From: London, UK
Status: online

If I understand your post correctly, you are asking if you can use CACLS to restrict users in such a way that only log files can be create in a folder. A simple execution of CACLS with no arguments or reading of its documentation would show you all its command line arguments, none of which would implement such a feature.

I think the only way you could achieve what you want would be to create a service which watches the folder in question and deletes any file which isn't a log file. You would obviously also have to define, for that service the file types which you consider to be 'LOG' files.

Next, it's not really The Done Thing - here or in most forums I know of - to resurrect old threads.

Lastly, what exactly does your question have to do with 'Group Policy', the intended subject matter for this forum?

< Message edited by VBScab -- 11/22/2009 12:27:23 PM >

_____________________________

- Don't know why 'x' happened? Want to know why 'y' happened? ProcMon will tell you.
- Try using http://www.google.com before posting.
- I answer questions only via forums. PMs and personal emails will be ignored.

(in reply to Eswari)

Post #: 8