I would like to allow my users to modify the specific file/folder but not able to delete it.
I have tried to achieve this using NTFS Permission i.e (Security>Advanced>Edit>Disable Inheritance>Uncheck both Delete permissions).
This does works successfully, meaning that it doesn't allow my users to be able to delete files but parallel to this, it prevents them to edit as well. (MS Word file is used for testing)
When they try to edit file and save it, it prompts them: Access Denied. Contact your administrator
Please let me know if someone has solution for this.
Testing Environment:
Microsoft Windows 8
Microsoft Windows Server 2008
File: New Word Document
Thank you
Related
Have just succeeded in setting up a State migration point on our SCCM and after that got USMT to make user profile backup and restore on the reinstalled PC.
According to the log everything is OK and User data and desktop is there but hardly anything else , not even my Edge favorites or any browser favorites.
USMT is the latest 20H2
Is this what to expect or is something wrong?
I know. Disapointing but it is only a question about updates.
Please get my EhlerTech updated custom xml files for USMT and include them in your SCCM USMT package.
Basically just use MigUser.xml, MigApp.xml and Win10.xml from my xml package.
In case you only need the users profile without scanning the rest of the drive for docs, use MigUser_Profile_only.xml (faster but only grabs data inside the user profiles)
To see a more thorough XML guide go here :-)
/Thomas
Is it possible for someone with Administrator access to easily create arbitrary files (e.g. text documents) within the C:\Inetpub\wwwroot folder under Windows 8.1?
Normally right-click presents me with many file types I can create; here, I'm only given the option to create a new sub-folder, even though I can (i) edit existing files there or (ii) create files elsewhere and move them there. (Also, gvim running with administrator access can't create a (new) swap file there).
I created a subfolder ("test"), and took ownership of it, but it made no difference. One of my colleagues thought that this was a "special case" overridden by IIS and could be configured by the Group Policy Editor somehow?
I've heard that disabling UAC solves the problem, but I don't want to do that!
Any ways round this? (Reference to an existing discussion I missed would be fine if it covers the same problem). Thanks!
Smychi
Solved this; I added the specific administrative user account I was logged in under ("User") to the list of permissions and granted myself "Full Control".
Not sure why this didn't already work with the existing groups settings, though I'll admit my knowledge of Windows permissions isn't as good as it should be.
Feel free to say whether this is a good or bad way to do it, or add any comment to this anyway, for my benefit or for others who might stumble across this.
Smychi
I don't do much with Powershell often but yesterday was needing to extract a file from a zip archive. During the process I was looking for a file by iterating through the contents of a zip anbd comparing the file's (item) Name property to the filename (say abc.ps1).
Code was working locally and I was happy with the result I was getting.
Pushe the code to deployment environment to be run on server and the code was notifying me that it could not find abc.ps1.
Further investigation, I logged onto the server (as my own account, not the service account that the code executed as). When I looked in the zip it was querying I could see the file, but it was named abc.
I had xyz.txt and def.pdf but the ps1 file was simply abc. I knew that this is based on an Option in Windows Explorer options for 'Hide extensions for known file types'.
Logging on to the server with the service account, unchecking this option and re-running the script fixed all problems, it was able to fid the file based on name + ext.
Is there a way of enforcing PS not to take into account Explorer options such as these when running?
Am currently thinking of applying a GPO to prevent any systems from having this option on.
I have a shared network location for all users saving files. All users have full access to this location.
Is that possible to find out WHO made the last change to a file or folder by Powershell or any other way?
There is no issue to get all those date and owner info from Powershell, but looks like there is no way to find out WHO made the last changes.
any idea please?
The only user held against a file on NTFS is the owner. There is no record of who last modified the file.
However Windows can audit file system operations.
See http://support.microsoft.com/en-us/kb/310399 (says Windows XP in the title but applies to later versions). This needs to be applied to the system hosting the file system.
I am using windows installer to create setup project.
How I can remove/delete application files from AppData\Roaming folder when application uninstalled.
I tried added a special folder and set DefaultLocaltion to [AppDataFolder] but it didn't working.
Do I need to do anything else?
I'd need to understand what you are trying to do to give you specific advice. In general what you are trying to do would be OK removing files from CommonAppDataFolder but not AppDataFolder as trying to clanup user data from multiple user profiles is not a best practice. Additionally trying to cleanup Roaming Profile User data is outright impossible because the other users aren't logged on.
You'll want to read:
Managing Roaming User Data Deployment Guide
Assuming you are trying to do what I think you are, you'll need a cleanup script / exe that you leave behind on uninstall and a custom action to write to the registry during uninstall ( MSI can't do this natively ) to call that script/EXE. You'll want to leverage the Active Setup trick as described here:
Using Active Setup to Repair User Settings
The way it'll work is your uninstall leaves the EXE and registry entry behind so that when a user logs on it's roaming data gets pulled down from the server to local and Active Setup realizes it hasn't run the script yet. The script runs (once) and the data is deleted. When the user logs off the data is replicated / deleted on the server. Then they log on again it doesn't run again.
By default Windows Installer does not remove the files created by your application, after the installation. To do that you need to either write your own custom action, that will run upon uninstall, or depending on the tool used for authoring the MSI, you can use built-in options for cleaning the application locations, as some tools have this support.