Write Only Permissions on a folder

[Vish]

Hello,

Wierd question but bear with me.

What I want to do is setup a shared folder where people (EVeryone) can save
files to but can niether Read or List any of them. Essentially I want them to
be able so save files here but only a select number of people should be able
to read and open these files.

I know the best way is probably secure Mailbox but just looking at other
options.

Thanks

Vish

[Herb Martin]

"Vish" <Vi...@discussions.microsoft.com> wrote in message
news:D9724DFF-B647-47C9...@microsoft.com...

> Hello,
>
> Wierd question but bear with me.

Hey, this isn't that weird at all.

> What I want to do is setup a shared folder where people (EVeryone) can
> save
> files to but can niether Read or List any of them.

Yes, but it is difficult. It will require using "Special Permission" (from
Security->
ADVANCED tab) and perhaps some user training since they will NOT be
able to "view or list" the contents of the directory and may not be able to
use
GUI, especially "browser" tools but may need to specify the full path to the
(new) files.

Basic strategy:
If you remove "read" and allow "write" then you can allow someone to add a
file but only edit it the FIRST time -- i.e., until it is close.

You will need to do some experimenting to get (near to) exactly what you
wish but it can basically be accomplished.

> Essentially I want them to
> be able so save files here but only a select number of people should be
> able
> to read and open these files.

Deal with the separate "groups" separately. Those who can only Add, those
who can also view, in different groups with different permissions.

> I know the best way is probably secure Mailbox but just looking at other
> options.

Mailbox? Are you talking Exhcange or the File System?

--
Herb Martin, MCSE, MVP
http://www.LearnQuick.Com
(phone on web site)

[Vish]

Thanks for your help Herb:)

Basically what we are trying to do is have a central repository for
confidential employee information where employees can drop thier details for
HR to view but obviously cant read or see anyone elses.

It doesnt need to be a file share, my personal option would be to do an
outlook form and have a secure mailbox to store this information, however the
boss wants several doable options which is why I was thinking file share.

From a user perspective I htink the email route would be easier.

[Herb Martin]

"Vish" <Vi...@discussions.microsoft.com> wrote in message

news:24D689CA-5364-4623...@microsoft.com...

> Thanks for your help Herb:)
>
> Basically what we are trying to do is have a central repository for
> confidential employee information where employees can drop thier details
> for
> HR to view but obviously cant read or see anyone elses.

That is an entirely different and must easier problem.

If default file permissions are set on the parent directory so that ONLY
the HR Group and the Creator/Owner have access then only those (two)
Groups could access the files.

That is Fred and Fred's file, Mary on Mary's file, and the HR Group on
both.

This is much easier than trying to allow Fred et al to add a file but not
edit that file at a later time.

> It doesnt need to be a file share, my personal option would be to do an
> outlook form and have a secure mailbox to store this information, however
> the
> boss wants several doable options which is why I was thinking file share.

If you use a mailbox (Exchange or anything else) this is trivial.

Create a box that anyone can send to, but only the HR Group can
read. That's easy.

> From a user perspective I htink the email route would be easier.

Yes, and you could to this even with an SMTP/POP email server
and account.

[Roger Abell [MVP]]

"Herb Martin" <ne...@learnquick.com> wrote in message
news:O2ynEMbf...@TK2MSFTNGP02.phx.gbl...

>
> "Vish" <Vi...@discussions.microsoft.com> wrote in message
> news:24D689CA-5364-4623...@microsoft.com...
>> Thanks for your help Herb:)
>>
>> Basically what we are trying to do is have a central repository for
>> confidential employee information where employees can drop thier details
>> for
>> HR to view but obviously cant read or see anyone elses.
>
> That is an entirely different and must easier problem.
>
> If default file permissions are set on the parent directory so that ONLY
> the HR Group and the Creator/Owner have access then only those (two)
> Groups could access the files.

Actually one still does need to have a third special permission grant,
such as to Users, of Create files / Write data in order to enable them
to become a Creator/Owner on their file(s)

[Roger Abell [MVP]]

Vish,

First I note that your post is misplaced and has nothing to do
with AD per se.

Another, quite simple, alternative is an https accessible web page
that has upload control, probably with authenticated access.
This saves the uploaded to a share that has only HR group at
the share-level permissions (or even provide them with a web
page to download/delete from server storage).

Roger

"Vish" <Vi...@discussions.microsoft.com> wrote in message

news:D9724DFF-B647-47C9...@microsoft.com...

[Herb Martin]

"Roger Abell [MVP]" <mvpN...@asu.edu> wrote in message
news:elDmucdf...@TK2MSFTNGP05.phx.gbl...

>
> "Herb Martin" <ne...@learnquick.com> wrote in message
> news:O2ynEMbf...@TK2MSFTNGP02.phx.gbl...
>>
>> "Vish" <Vi...@discussions.microsoft.com> wrote in message
>> news:24D689CA-5364-4623...@microsoft.com...
>>> Thanks for your help Herb:)
>>>
>>> Basically what we are trying to do is have a central repository for
>>> confidential employee information where employees can drop thier details
>>> for
>>> HR to view but obviously cant read or see anyone elses.
>>
>> That is an entirely different and must easier problem.
>>
>> If default file permissions are set on the parent directory so that ONLY
>> the HR Group and the Creator/Owner have access then only those (two)
>> Groups could access the files.
>
>
> Actually one still does need to have a third special permission grant,
> such as to Users, of Create files / Write data in order to enable them
> to become a Creator/Owner on their file(s)

Here I was talking about using just Standard permissions.

Special permission would be needed only if the SAME people/groups
were required to add a file not to later read that same file.

[Roger Abell [MVP]]

"Herb Martin" <ne...@learnquick.com> wrote in message

news:%23ufEJkd...@TK2MSFTNGP04.phx.gbl...

Hi Herb,
I think you may have misread my comment.
You stated _only_ access for Creator Owner and for HR.
That would mean that non-HR account could not drop files
there, in order for the Creator Owner grant to become effective.
Roger

[Herb Martin]

"Roger Abell [MVP]" <mvpN...@asu.edu> wrote in message

news:%23T3BT6q...@TK2MSFTNGP02.phx.gbl...

>>>>>
>>>>> Basically what we are trying to do is have a central repository for
>>>>> confidential employee information where employees can drop thier
>>>>> details for
>>>>> HR to view but obviously cant read or see anyone elses.
>>>>
>>>> That is an entirely different and must easier problem.
>>>>
>>>> If default file permissions are set on the parent directory so that
>>>> ONLY
>>>> the HR Group and the Creator/Owner have access then only those (two)
>>>> Groups could access the files.
>>>
>>>
>>> Actually one still does need to have a third special permission grant,
>>> such as to Users, of Create files / Write data in order to enable them
>>> to become a Creator/Owner on their file(s)
>>
>>
>> Here I was talking about using just Standard permissions.
>>
>> Special permission would be needed only if the SAME people/groups
>> were required to add a file not to later read that same file.
>>
>
> Hi Herb,
> I think you may have misread my comment.
> You stated _only_ access for Creator Owner and for HR.
> That would mean that non-HR account could not drop files
> there, in order for the Creator Owner grant to become effective.
> Roger

No, again was talking about the permissions the FILES would inherit
from the directly -- anyone can add to the directory, but the permissions
that are inherited would be just HR and Creator/Owner not for those
others.

>>>>> confidential employee information where employees can drop thier
>>>>> details for
>>>>> HR to view but obviously cant read or see anyone elses.

Many people don't realize that the inherited permissions can be different
than the permissions on the parent directory itself.

[Vish]

Roger

I was a bit 50/50 as to post here or not, but wasnt 100% sure of what other
thread to post this one in.

Thanks for all your help on this one, both you and Herb have been really
helpful.

hope you all had a good weekend.

Cheers

Vish

[Vish]

Herb,

Thanks for all your help on this one.

Vish

[Herb Martin]

"Vish" <Vi...@discussions.microsoft.com> wrote in message

news:6708FA0A-F1F7-4801...@microsoft.com...

> Herb,
>
> Thanks for all your help on this one.

Sure. You are welcome. Did it work for you?

[maurie aker]

I have the same problem . On a windows folder , I need to give write only access to users to create files but do not access (read, list or modify ) the files created previously. I tried using security options of the folder and deny access to all atributes other than write . However I could not accomplish what i wanted . I created an excel file in the folder but other users can read the file eventhough i removed their read permissions. Any help would be appreciated. I know i am missing something that i can figured it out. Please let me know what i can not see:)

Herb Martin wrote:

Re: Write Only Permissions on a folder
16-Apr-07

Sure. You are welcome. Did it work for you?

--
Herb Martin, MCSE, MVP
http://www.LearnQuick.Com
(phone on web site)

Previous Posts In This Thread:

On Friday, April 13, 2007 5:02 AM
Vis wrote:

Write Only Permissions on a folder
Hello,

Wierd question but bear with me.

What I want to do is setup a shared folder where people (EVeryone) can save
files to but can niether Read or List any of them. Essentially I want them to
be able so save files here but only a select number of people should be able
to read and open these files.

I know the best way is probably secure Mailbox but just looking at other
options.

Thanks

Vish

On Friday, April 13, 2007 5:16 AM
Herb Martin wrote:

Re: Write Only Permissions on a folder

"Vish" <Vi...@discussions.microsoft.com> wrote in message

news:D9724DFF-B647-47C9...@microsoft.com...

Hey, this isn't that weird at all.

Yes, but it is difficult. It will require using "Special Permission" (from
Security->
ADVANCED tab) and perhaps some user training since they will NOT be
able to "view or list" the contents of the directory and may not be able to
use
GUI, especially "browser" tools but may need to specify the full path to the
(new) files.

Basic strategy:
If you remove "read" and allow "write" then you can allow someone to add a
file but only edit it the FIRST time -- i.e., until it is close.

You will need to do some experimenting to get (near to) exactly what you
wish but it can basically be accomplished.

Deal with the separate "groups" separately. Those who can only Add, those
who can also view, in different groups with different permissions.

Mailbox? Are you talking Exhcange or the File System?

--

Herb Martin, MCSE, MVP
http://www.LearnQuick.Com
(phone on web site)

On Friday, April 13, 2007 5:26 AM
Vis wrote:

Re: Write Only Permissions on a folder

Thanks for your help Herb:)

Basically what we are trying to do is have a central repository for

confidential employee information where employees can drop thier details for
HR to view but obviously cant read or see anyone elses.

It doesnt need to be a file share, my personal option would be to do an

outlook form and have a secure mailbox to store this information, however the
boss wants several doable options which is why I was thinking file share.

From a user perspective I htink the email route would be easier.

"Herb Martin" wrote:

On Friday, April 13, 2007 6:03 AM
Herb Martin wrote:

Re: Write Only Permissions on a folder

"Vish" <Vi...@discussions.microsoft.com> wrote in message

news:24D689CA-5364-4623...@microsoft.com...

That is an entirely different and must easier problem.

If default file permissions are set on the parent directory so that ONLY
the HR Group and the Creator/Owner have access then only those (two)
Groups could access the files.

That is Fred and Fred's file, Mary on Mary's file, and the HR Group on
both.

This is much easier than trying to allow Fred et al to add a file but not
edit that file at a later time.

If you use a mailbox (Exchange or anything else) this is trivial.

Create a box that anyone can send to, but only the HR Group can
read. That's easy.

Yes, and you could to this even with an SMTP/POP email server
and account.

--

Herb Martin, MCSE, MVP
http://www.LearnQuick.Com
(phone on web site)

On Friday, April 13, 2007 7:32 AM
Roger Abell [MVP] wrote:

Re: Write Only Permissions on a folder

Actually one still does need to have a third special permission grant,
such as to Users, of Create files / Write data in order to enable them
to become a Creator/Owner on their file(s)

On Friday, April 13, 2007 7:35 AM
Roger Abell [MVP] wrote:

Vish,First I note that your post is misplaced and has nothing to dowith AD per
Vish,

First I note that your post is misplaced and has nothing to do
with AD per se.

Another, quite simple, alternative is an https accessible web page
that has upload control, probably with authenticated access.
This saves the uploaded to a share that has only HR group at
the share-level permissions (or even provide them with a web
page to download/delete from server storage).

Roger

"Vish" <Vi...@discussions.microsoft.com> wrote in message
news:D9724DFF-B647-47C9...@microsoft.com...

On Friday, April 13, 2007 10:35 AM
Herb Martin wrote:

Re: Write Only Permissions on a folder

"Roger Abell [MVP]" <mvpN...@asu.edu> wrote in message

news:elDmucdf...@TK2MSFTNGP05.phx.gbl...

Here I was talking about using just Standard permissions.

Special permission would be needed only if the SAME people/groups
were required to add a file not to later read that same file.

--
Herb Martin, MCSE, MVP
http://www.LearnQuick.Com
(phone on web site)

On Saturday, April 14, 2007 12:04 PM
Roger Abell [MVP] wrote:

Re: Write Only Permissions on a folder

"Herb Martin" <ne...@learnquick.com> wrote in message
news:%23ufEJkd...@TK2MSFTNGP04.phx.gbl...

Hi Herb,

I think you may have misread my comment.
You stated _only_ access for Creator Owner and for HR.
That would mean that non-HR account could not drop files
there, in order for the Creator Owner grant to become effective.
Roger

On Saturday, April 14, 2007 4:45 PM
Herb Martin wrote:

Re: Write Only Permissions on a folder

"Roger Abell [MVP]" <mvpN...@asu.edu> wrote in message
news:%23T3BT6q...@TK2MSFTNGP02.phx.gbl...

No, again was talking about the permissions the FILES would inherit

from the directly -- anyone can add to the directory, but the permissions
that are inherited would be just HR and Creator/Owner not for those
others.

Many people don't realize that the inherited permissions can be different
than the permissions on the parent directory itself.

--
Herb Martin, MCSE, MVP
http://www.LearnQuick.Com
(phone on web site)

On Monday, April 16, 2007 5:00 AM
Vis wrote:

Roger I was a bit 50/50 as to post here or not, but wasnt 100% sure of what
Roger

I was a bit 50/50 as to post here or not, but wasnt 100% sure of what other
thread to post this one in.

Thanks for all your help on this one, both you and Herb have been really
helpful.

hope you all had a good weekend.

Cheers

Vish

"Roger Abell [MVP]" wrote:

On Monday, April 16, 2007 5:10 AM
Vis wrote:

Re: Write Only Permissions on a folder
Herb,

Thanks for all your help on this one.

Vish

"Herb Martin" wrote:

On Monday, April 16, 2007 2:01 PM
Herb Martin wrote:

Re: Write Only Permissions on a folder

Sure. You are welcome. Did it work for you?

--
Herb Martin, MCSE, MVP
http://www.LearnQuick.Com
(phone on web site)

Submitted via EggHeadCafe - Software Developer Portal of Choice
WPF Control?s Default Style or Template by Extending the WPF Designer in Visual Studio 2010
http://www.eggheadcafe.com/tutorials/aspnet/d1ad0a33-d815-4083-8e97-c234fd661095/wpf-controls-default-style-or-template-by-extending-the-wpf-designer-in-visual-studio-2010.aspx