Setting NTFS permissions to Write, but not Read
Create a folder with write permissions for the user. Create a robocopy job which copys everything out of this folder every minute.
Is the only clean way for your thing.
Otherwise you can set the listup permission, read attributes and the permission to write files into a folder.
Related videos on Youtube
rjholtz
Director of Network Services for a Long Term and Subacute health care company.
Updated on September 18, 2022Comments
-
rjholtz over 1 year
For our Benefits Open Enrollment period, we want to setup a file share/mapped drive where a specific user account (autologon to locked down laptops for this specific purpose) can save a PDF of their enrollment options from a website they sign up on.
We don't want the user to have read permissions so they can't open other employees's enrollment files. Then the HR Manager who does have read/write permissions can go into that folder to open and print the pdf file. After it is printed it gets deleted.I can't figure out the right combination of Advanced permissions to allow this to happen. Can someone point me in the right direction?
UPDATE: Thanks to EricD and Cosmic542, Robocopy is working great for this. The only caveat is that robocopy runs every minute at a minimum, and I want it to check every 5 seconds or maybe less. I found FreeFileSync through another forum, and it's companion app that gets installed beside it, "RealTimeSync". RTS is a nice little app that monitors a folder for new files/changes and runs a command. You can set how many seconds you want it idle after/before running the command. I have it set to run robocopy once every 5 seconds.
Picture: http://bit.ly/1EdItoBThanks all for your help!
-
ErikE about 9 yearsWhy not simplify: have a background job which moves all files from the pick up directory every 10s or so, to a drop off directory only accessible to HR? Then you need not worry about possible loopholes and workarounds of nosy people.
-
I say Reinstate Monica about 9 yearsIt's not possible to set a combination of NTFS permissions that are sufficient to let a user create a file but not access it. The reason for this is that any file he creates, he becomes its OWNER, and an owner of an object always has the ability to...change permissions on the object.. No matter what permission tricks you pull, being a file's owner lets you "reset" the file's permission to grant yourself Full Control.
-
Kate about 9 yearsWhat about instead of locking down read you deny "List Folder Contents"? The users should then be able to submit the files but not list the contents of the folder, or even view it through windows explorer. It's not foolproof, but it would require a bit more sophistication / guesswork to get into another user's file.
-
Kate about 9 yearsAlthough, I'm a bigger fan of @ErikE 's suggestion
-
-
ErikE about 9 yearsIf using robocopy I would suggest the /mov and /mon:1 switches instead, triggering robocopy to watch for changes as well as deleting files from the source.
-
Admin about 9 yearsThanks Cosmic542 and ErikE. This is the way I'll set it up . I appreciate your help!