Server2003 - is this possible?

Hi all,

I'm a volunteer IT for a small middle school and am not very familiar
with the security possibilities of the Server 2003 O/S. Google has
not turned up anything to my specific need. I have one server 2003
with a shared folderfor the students to save files to from a computer
lab(XP Pro SP2) and wish to know if what I want to do is even
possible.

I would like for all students to be able to save files to this shared
server folder (sub folders for each teacher) and once the file is
saved have it become "read only" so that other students may not be
able to alter this original file, but that changes made by teachers
could be "saved as" a different name to allow for any
comments/feedback for these files(projects). Basically keeping the
original file intact/protected.

I currently have the permissions set for Change and Read but have not
checked the "Full Control" option, only listed user is "Everyone".

I tried it with just the "Read" option, but it wouldn't allow anyone
to save the original file. Not sure what the difference is between
"Full Control" and "Change", as it appears they both allow the same
amount of access to the files.

As I said I'm not sure what I'm asking is even possible, Thanks for
any wisdom.

niteowl

 

<niteowl> wrote in message
news:2vbou41gkpafi5u0h05jkd0id6h0j9dccc@4ax.com...
> Hi all,
>
> I'm a volunteer IT for a small middle school and am not very familiar
> with the security possibilities of the Server 2003 O/S. Google has
> not turned up anything to my specific need. I have one server 2003
> with a shared folderfor the students to save files to from a computer
> lab(XP Pro SP2) and wish to know if what I want to do is even
> possible.
>
> I would like for all students to be able to save files to this shared
> server folder (sub folders for each teacher) and once the file is
> saved have it become "read only" so that other students may not be
> able to alter this original file, but that changes made by teachers
> could be "saved as" a different name to allow for any
> comments/feedback for these files(projects). Basically keeping the
> original file intact/protected.
>
> I currently have the permissions set for Change and Read but have not
> checked the "Full Control" option, only listed user is "Everyone".
>
> I tried it with just the "Read" option, but it wouldn't allow anyone
> to save the original file. Not sure what the difference is between
> "Full Control" and "Change", as it appears they both allow the same
> amount of access to the files.
>
> As I said I'm not sure what I'm asking is even possible, Thanks for
> any wisdom.
>
> niteowl

You could run a WMI background task on the server to monitor the folder in
question. Whenever a new file is created in this folder then WMI
makes it read-only. Students will thus be able to create files but once they
are created nobody can modify or delete them.

 

On Mon, 20 Apr 2009 10:46:39 +0200, "Pegasus [MVP]"
<news@microsoft.com> wrote:

>
><niteowl> wrote in message
>news:2vbou41gkpafi5u0h05jkd0id6h0j9dccc@4ax.com...
>> Hi all,
>>
>> I'm a volunteer IT for a small middle school and am not very familiar
>> with the security possibilities of the Server 2003 O/S. Google has
>> not turned up anything to my specific need. I have one server 2003
>> with a shared folderfor the students to save files to from a computer
>> lab(XP Pro SP2) and wish to know if what I want to do is even
>> possible.
>>
>> I would like for all students to be able to save files to this shared
>> server folder (sub folders for each teacher) and once the file is
>> saved have it become "read only" so that other students may not be
>> able to alter this original file, but that changes made by teachers
>> could be "saved as" a different name to allow for any
>> comments/feedback for these files(projects). Basically keeping the
>> original file intact/protected.
>>
>> I currently have the permissions set for Change and Read but have not
>> checked the "Full Control" option, only listed user is "Everyone".
>>
>> I tried it with just the "Read" option, but it wouldn't allow anyone
>> to save the original file. Not sure what the difference is between
>> "Full Control" and "Change", as it appears they both allow the same
>> amount of access to the files.
>>
>> As I said I'm not sure what I'm asking is even possible, Thanks for
>> any wisdom.
>>
>> niteowl
>
>You could run a WMI background task on the server to monitor the folder in
>question. Whenever a new file is created in this folder then WMI
>makes it read-only. Students will thus be able to create files but once they
>are created nobody can modify or delete them.
>

that sounds promising... how would "I" or a teacher then be able to
delete them?? and ..... what is a WMI background task and how do I
set it up??

thanks,
niteowl

 

<niteowl> wrote in message
news:16rou49e8mhbd0f6cbpeidi9p0ogjfqibs@4ax.com...
> On Mon, 20 Apr 2009 10:46:39 +0200, "Pegasus [MVP]"
> <news@microsoft.com> wrote:
>
>>
>><niteowl> wrote in message
>>news:2vbou41gkpafi5u0h05jkd0id6h0j9dccc@4ax.com...
>>> Hi all,
>>>
>>> I'm a volunteer IT for a small middle school and am not very familiar
>>> with the security possibilities of the Server 2003 O/S. Google has
>>> not turned up anything to my specific need. I have one server 2003
>>> with a shared folderfor the students to save files to from a computer
>>> lab(XP Pro SP2) and wish to know if what I want to do is even
>>> possible.
>>>
>>> I would like for all students to be able to save files to this shared
>>> server folder (sub folders for each teacher) and once the file is
>>> saved have it become "read only" so that other students may not be
>>> able to alter this original file, but that changes made by teachers
>>> could be "saved as" a different name to allow for any
>>> comments/feedback for these files(projects). Basically keeping the
>>> original file intact/protected.
>>>
>>> I currently have the permissions set for Change and Read but have not
>>> checked the "Full Control" option, only listed user is "Everyone".
>>>
>>> I tried it with just the "Read" option, but it wouldn't allow anyone
>>> to save the original file. Not sure what the difference is between
>>> "Full Control" and "Change", as it appears they both allow the same
>>> amount of access to the files.
>>>
>>> As I said I'm not sure what I'm asking is even possible, Thanks for
>>> any wisdom.
>>>
>>> niteowl
>>
>>You could run a WMI background task on the server to monitor the folder in
>>question. Whenever a new file is created in this folder then WMI
>>makes it read-only. Students will thus be able to create files but once
>>they
>>are created nobody can modify or delete them.
>>
>
> that sounds promising... how would "I" or a teacher then be able to
> delete them?? and ..... what is a WMI background task and how do I
> set it up??
>
> thanks,
> niteowl

WMI (Windows Management Instrumentation) is a powerful tool that lets you
(among numerous other things) monitor what happens to a specific folder.
This script will perform the following actions:
1. It will monitor the specified folder once every 10 seconds.
2. When a file is added to the specified folder then the script will pause
for 10 seconds to ensure that the file writing process is complete.
3. It will then use cacls.exe to set the required permissions.

You ask how you or a teacher would be able to delete the file. Since you are
a server administrator, I'm sure you are familiar with NTFS access rights
and how to set them. There is nothing to it!

Instructions:
1. Copy & paste the code below into c:\Windows\niteowl.vbs. Do not retype
it - it's a recipe for making mistakes!
2. Adjust the first three lines to suit your environment, then save the
file.
3. Open a Command Prompt.
4. Type this command: cscript / ologo c:\Windows\niteowl.vbs
5. Open another Command Prompt.
6. Type this command: dir > "E:\User Data\dir.txt"
7. Watch what happens in the first Command Prompt.
8. Check the permissions of the file "E:\User Data\dir.txt".
9. When you're happy with the result, use the Task Scheduler to invoke this
command at boot time:
cscript / ologo c:\Windows\niteowl.vbs
10. Reboot the server.
11. Manually create some new file in "E:\User Data"
12. Check the permission structure of the new files.

sFolder = "E:\User Data"
sParm1 = " /e /c /g config:F /R everyone"
sParm2 = " /e /c /g everyone:R"
DQ = """"

Set WshShell = CreateObject("WScript.Shell")
sCommand = WshShell.ExpandEnvironmentStrings("%ComSpec% /c cacls.exe ")
sFolder = "'Win32_Directory.Name=" & DQ _
& Replace(sFolder, "\", "\\\\") & DQ & "'"

Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate}!\\.\root\cimv2")
Set colMonitoredEvents = objWMIService.ExecNotificationQuery _
("SELECT * FROM __InstanceCreationEvent WITHIN 10 WHERE " _
& "Targetinstance ISA 'CIM_DirectoryContainsFile' and " _
& "TargetInstance.GroupComponent= " & sFolder)
Do
Set objLatestEvent = colMonitoredEvents.NextEvent
sFileName = Split(objLatestEvent.TargetInstance.PartComponent, "=")(1)
sFileName = Replace(sFileName, "\\", "\")
WScript.Sleep 10
i1 = WshShell.Run(sCommand & sFileName & sParm1, 7, True)
i2 = WshShell.Run(sCommand & sFileName & sParm2, 7, True)
If i1 + i2 = 0 Then
WScript.Echo "The file " & sFileName & " is now read-only."
Else
WScript.Echo "Could not set the permissions for " & sFileName
End If
Loop

It is possible that your newsreader wraps some code lines around. Here is
the same code in a line-numbered form so that you can check where each line
starts and ends:
01. sFolder = "E:\Tools"
02. sParm1 = " /e /c /g config:F /R everyone"
03. sParm2 = " /e /c /g everyone:R"
04. DQ = """"
05.
06. Set WshShell = CreateObject("WScript.Shell")
07. sCommand = WshShell.ExpandEnvironmentStrings("%ComSpec% /c cacls.exe ")
08. sFolder = "'Win32_Directory.Name=" & DQ _
09. & Replace(sFolder, "\", "\\\\") & DQ & "'"
10.
11. Set objWMIService = GetObject("winmgmts:" _
12. & "{impersonationLevel=impersonate}!\\.\root\cimv2")
13. Set colMonitoredEvents = objWMIService.ExecNotificationQuery _
14. ("SELECT * FROM __InstanceCreationEvent WITHIN 10 WHERE " _
15. & "Targetinstance ISA 'CIM_DirectoryContainsFile' and " _
16. & "TargetInstance.GroupComponent= " & sFolder)
17. Do
18. Set objLatestEvent = colMonitoredEvents.NextEvent
19. sFileName = Split(objLatestEvent.TargetInstance.PartComponent,
"=")(1)
20. sFileName = Replace(sFileName, "\\", "\")
21. WScript.Sleep 10
22. i1 = WshShell.Run(sCommand & sFileName & sParm1, 7, True)
23. i2 = WshShell.Run(sCommand & sFileName & sParm2, 7, True)
24. If i1 + i2 = 0 Then
25. WScript.Echo "The file " & sFileName & " is now read-only."
26. Else
27. WScript.Echo "Could not set the permissions for " & sFileName
28. End If
29. Loop

 

On Mon, 20 Apr 2009 15:41:03 +0200, "Pegasus [MVP]"
<news@microsoft.com> wrote:

>
><niteowl> wrote in message
>news:16rou49e8mhbd0f6cbpeidi9p0ogjfqibs@4ax.com...
>> On Mon, 20 Apr 2009 10:46:39 +0200, "Pegasus [MVP]"
>> <news@microsoft.com> wrote:
>>
>>>
>>><niteowl> wrote in message
>>>news:2vbou41gkpafi5u0h05jkd0id6h0j9dccc@4ax.com...
>>>> Hi all,
>>>>
>>>> I'm a volunteer IT for a small middle school and am not very familiar
>>>> with the security possibilities of the Server 2003 O/S. Google has
>>>> not turned up anything to my specific need. I have one server 2003
>>>> with a shared folderfor the students to save files to from a computer
>>>> lab(XP Pro SP2) and wish to know if what I want to do is even
>>>> possible.
>>>>
>>>> I would like for all students to be able to save files to this shared
>>>> server folder (sub folders for each teacher) and once the file is
>>>> saved have it become "read only" so that other students may not be
>>>> able to alter this original file, but that changes made by teachers
>>>> could be "saved as" a different name to allow for any
>>>> comments/feedback for these files(projects). Basically keeping the
>>>> original file intact/protected.
>>>>
>>>> I currently have the permissions set for Change and Read but have not
>>>> checked the "Full Control" option, only listed user is "Everyone".
>>>>
>>>> I tried it with just the "Read" option, but it wouldn't allow anyone
>>>> to save the original file. Not sure what the difference is between
>>>> "Full Control" and "Change", as it appears they both allow the same
>>>> amount of access to the files.
>>>>
>>>> As I said I'm not sure what I'm asking is even possible, Thanks for
>>>> any wisdom.
>>>>
>>>> niteowl
>>>
>>>You could run a WMI background task on the server to monitor the folder in
>>>question. Whenever a new file is created in this folder then WMI
>>>makes it read-only. Students will thus be able to create files but once
>>>they
>>>are created nobody can modify or delete them.
>>>
>>
>> that sounds promising... how would "I" or a teacher then be able to
>> delete them?? and ..... what is a WMI background task and how do I
>> set it up??
>>
>> thanks,
>> niteowl

WOW! Thanks!! I have copied it and am now looking through it trying
to understand it.

I will put this on the server on Wed. when I go in to work.
I spent today reading up on WMI, did a google search, found a utility
for writing the scripts from microsoft, but hadn't found anything
really useful for me yet.

When you don't know anything it's pretty overwhelming.

>WMI (Windows Management Instrumentation) is a powerful tool that lets you
>(among numerous other things) monitor what happens to a specific folder.
>This script will perform the following actions:
>1. It will monitor the specified folder once every 10 seconds.
>2. When a file is added to the specified folder then the script will pause
>for 10 seconds to ensure that the file writing process is complete.
>3. It will then use cacls.exe to set the required permissions.
>
>You ask how you or a teacher would be able to delete the file. Since you are
>a server administrator, I'm sure you are familiar with NTFS access rights
>and how to set them. There is nothing to it!

I'm somewhat familiar, I'll poke around... I may be functioning as
a server administrator, but I'm just beginning. I've a lot of
learning to do.

>Instructions:
>1. Copy & paste the code below into c:\Windows\niteowl.vbs. Do not retype
>it - it's a recipe for making mistakes!
>2. Adjust the first three lines to suit your environment, then save the
>file.

looking at those three lines, it seems like I just need to insert the
path to the folder on my machine, which I should be able to figure
out.

The instructions seem very plain, can't wait to get this on and test
it out.

>3. Open a Command Prompt.
>4. Type this command: cscript / ologo c:\Windows\niteowl.vbs
>5. Open another Command Prompt.
>6. Type this command: dir > "E:\User Data\dir.txt"
>7. Watch what happens in the first Command Prompt.
>8. Check the permissions of the file "E:\User Data\dir.txt".
>9. When you're happy with the result, use the Task Scheduler to invoke this
>command at boot time:
> cscript / ologo c:\Windows\niteowl.vbs
>10. Reboot the server.
>11. Manually create some new file in "E:\User Data"
>12. Check the permission structure of the new files.
>
>sFolder = "E:\User Data"
>sParm1 = " /e /c /g config:F /R everyone"
>sParm2 = " /e /c /g everyone:R"
>DQ = """"
>
>Set WshShell = CreateObject("WScript.Shell")
>sCommand = WshShell.ExpandEnvironmentStrings("%ComSpec% /c cacls.exe ")
>sFolder = "'Win32_Directory.Name=" & DQ _
> & Replace(sFolder, "\", "\\\\") & DQ & "'"
>
>Set objWMIService = GetObject("winmgmts:" _
> & "{impersonationLevel=impersonate}!\\.\root\cimv2")
>Set colMonitoredEvents = objWMIService.ExecNotificationQuery _
> ("SELECT * FROM __InstanceCreationEvent WITHIN 10 WHERE " _
> & "Targetinstance ISA 'CIM_DirectoryContainsFile' and " _
> & "TargetInstance.GroupComponent= " & sFolder)
>Do
> Set objLatestEvent = colMonitoredEvents.NextEvent
> sFileName = Split(objLatestEvent.TargetInstance.PartComponent, "=")(1)
> sFileName = Replace(sFileName, "\\", "\")
> WScript.Sleep 10
> i1 = WshShell.Run(sCommand & sFileName & sParm1, 7, True)
> i2 = WshShell.Run(sCommand & sFileName & sParm2, 7, True)
> If i1 + i2 = 0 Then
> WScript.Echo "The file " & sFileName & " is now read-only."
> Else
> WScript.Echo "Could not set the permissions for " & sFileName
> End If
>Loop
>
>It is possible that your newsreader wraps some code lines around. Here is
>the same code in a line-numbered form so that you can check where each line
>starts and ends:

excellent forethought... that was very helpful.

>01. sFolder = "E:\Tools"
>02. sParm1 = " /e /c /g config:F /R everyone"
>03. sParm2 = " /e /c /g everyone:R"
>04. DQ = """"
>05.
>06. Set WshShell = CreateObject("WScript.Shell")
>07. sCommand = WshShell.ExpandEnvironmentStrings("%ComSpec% /c cacls.exe ")
>08. sFolder = "'Win32_Directory.Name=" & DQ _
>09. & Replace(sFolder, "\", "\\\\") & DQ & "'"
>10.
>11. Set objWMIService = GetObject("winmgmts:" _
>12. & "{impersonationLevel=impersonate}!\\.\root\cimv2")
>13. Set colMonitoredEvents = objWMIService.ExecNotificationQuery _
>14. ("SELECT * FROM __InstanceCreationEvent WITHIN 10 WHERE " _
>15. & "Targetinstance ISA 'CIM_DirectoryContainsFile' and " _
>16. & "TargetInstance.GroupComponent= " & sFolder)
>17. Do
>18. Set objLatestEvent = colMonitoredEvents.NextEvent
>19. sFileName = Split(objLatestEvent.TargetInstance.PartComponent,
>"=")(1)
>20. sFileName = Replace(sFileName, "\\", "\")
>21. WScript.Sleep 10
>22. i1 = WshShell.Run(sCommand & sFileName & sParm1, 7, True)
>23. i2 = WshShell.Run(sCommand & sFileName & sParm2, 7, True)
>24. If i1 + i2 = 0 Then
>25. WScript.Echo "The file " & sFileName & " is now read-only."
>26. Else
>27. WScript.Echo "Could not set the permissions for " & sFileName
>28. End If
>29. Loop

Again, thank you so much!!!! I'll let you know how it goes.

niteowl

 

*** See my comments below.

<niteowl> wrote in message
news:jh3qu45486qetfm0kp029vmopre2n95vfo@4ax.com...
> On Mon, 20 Apr 2009 15:41:03 +0200, "Pegasus [MVP]"
> <news@microsoft.com> wrote:
>
>>
> WOW! Thanks!! I have copied it and am now looking through it trying
> to understand it.
>
> I will put this on the server on Wed. when I go in to work.
> I spent today reading up on WMI, did a google search, found a utility
> for writing the scripts from microsoft, but hadn't found anything
> really useful for me yet.

*** The core of the script comes from here:
***
http://www.microsoft.com/technet/scriptcenter/resources/qanda/oct04/hey1011.mspx
*** I recommend you download the whole Scripting Guy file -
*** there is a wealth of useful stuff in there! You should also
*** download the file script56.chm - it contains a full listing
*** of all basic VB Script commands, with examples.

> When you don't know anything it's pretty overwhelming.
>
>>Instructions:
>>1. Copy & paste the code below into c:\Windows\niteowl.vbs. Do not retype
>>it - it's a recipe for making mistakes!
>>2. Adjust the first three lines to suit your environment, then save the
>>file.
>
> looking at those three lines, it seems like I just need to insert the
> path to the folder on my machine, which I should be able to figure
> out.

*** You also need to set the appropriate permission parameters
*** for the cacls command that is used in the code.

> The instructions seem very plain, can't wait to get this on and test
> it out.

Instead of using the code I posted previously, use this one. The
previous code would fail if a file name include an "=" character -
which is a valid character for a file name!

'-------------------------------------------------------
'This code will modify the access permissions of all new
'files inside the nominated folder within 60 seconds of
'creation.
'20.4.2009 FNL
'-------------------------------------------------------
sFolder = "E:\User Data\"
sParm1 = " /e /c /g config:F /R everyone"
sParm2 = " /e /c /g everyone:R"
iPoll = 60 'seconds between polls
iWait = 10 'seconds to wait when a new file is created
DQ = """"

Set WshShell = CreateObject("WScript.Shell")
sCommand = WshShell.ExpandEnvironmentStrings("%ComSpec% /c cacls.exe ")
If Right(sFolder, 1) = "\" _
Then sFolder = Left(sFolder, Len(sFolder) - 1)
sParm = "'Win32_Directory.Name=" & DQ _
& Replace(sFolder, "\", "\\\\") & DQ & "'"

Set oWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate}!\\.\root\cimv2")

Set cMonitoredEvents = oWMIService.ExecNotificationQuery _
("SELECT * FROM __InstanceCreationEvent WITHIN " & iPoll _
& " where TargetInstance ISA 'CIM_DirectoryContainsFile'" _
& " and TargetInstance.GroupComponent = " & sParm)
Do
Set oLatestEvent = cMonitoredEvents.NextEvent
sFileName = oLatestEvent.TargetInstance.PartComponent
sFileName = Replace(Mid(sFileName, InStr(sFileName, _
"=") + 1), "\\", "\")
WScript.Sleep iWait
i1 = WshShell.Run(sCommand & sFileName & sParm1, 7, True)
i2 = WshShell.Run(sCommand & sFileName & sParm2, 7, True)
If i1 + i2 = 0 Then
WScript.Echo "The file " & sFileName & " is now read-only."
Else
WScript.Echo "Could not set the permissions for " & sFileName
End If
Loop

 

On Tue, 21 Apr 2009 08:03:10 +0200, "Pegasus [MVP]"
<news@microsoft.com> wrote:

>*** See my comments below.


><niteowl> wrote in message
>news:jh3qu45486qetfm0kp029vmopre2n95vfo@4ax.com...
>> On Mon, 20 Apr 2009 15:41:03 +0200, "Pegasus [MVP]"
>> <news@microsoft.com> wrote:
>>
>>>
>> WOW! Thanks!! I have copied it and am now looking through it trying
>> to understand it.
>>
>> I will put this on the server on Wed. when I go in to work.
>> I spent today reading up on WMI, did a google search, found a utility
>> for writing the scripts from microsoft, but hadn't found anything
>> really useful for me yet.
>
>*** The core of the script comes from here:
>***
>http://www.microsoft.com/technet/scriptcenter/resources/qanda/oct04/hey1011.mspx
>*** I recommend you download the whole Scripting Guy file -
>*** there is a wealth of useful stuff in there! You should also
>*** download the file script56.chm - it contains a full listing
>*** of all basic VB Script commands, with examples.

I will definitely do this.... thanks


>> When you don't know anything it's pretty overwhelming.
>>
>>>Instructions:
>>>1. Copy & paste the code below into c:\Windows\niteowl.vbs. Do not retype
>>>it - it's a recipe for making mistakes!
>>>2. Adjust the first three lines to suit your environment, then save the
>>>file.
>>
>> looking at those three lines, it seems like I just need to insert the
>> path to the folder on my machine, which I should be able to figure
>> out.
>
>*** You also need to set the appropriate permission parameters
>*** for the cacls command that is used in the code.

?? is that different than setting the Permissions when setting up the
folder for sharing?

>> The instructions seem very plain, can't wait to get this on and test
>> it out.
>
>Instead of using the code I posted previously, use this one. The
>previous code would fail if a file name include an "=" character -
>which is a valid character for a file name!

I will use this, but I usually tell the students to create a filename
without spaces and using only underscores or hyphens.

>'-------------------------------------------------------
>'This code will modify the access permissions of all new
>'files inside the nominated folder within 60 seconds of
>'creation.
>'20.4.2009 FNL
>'-------------------------------------------------------
>sFolder = "E:\User Data\"
>sParm1 = " /e /c /g config:F /R everyone"
>sParm2 = " /e /c /g everyone:R"
>iPoll = 60 'seconds between polls
>iWait = 10 'seconds to wait when a new file is created
>DQ = """"
>
>Set WshShell = CreateObject("WScript.Shell")
>sCommand = WshShell.ExpandEnvironmentStrings("%ComSpec% /c cacls.exe ")
>If Right(sFolder, 1) = "\" _
>Then sFolder = Left(sFolder, Len(sFolder) - 1)
>sParm = "'Win32_Directory.Name=" & DQ _
> & Replace(sFolder, "\", "\\\\") & DQ & "'"
>
>Set oWMIService = GetObject("winmgmts:" _
> & "{impersonationLevel=impersonate}!\\.\root\cimv2")
>
>Set cMonitoredEvents = oWMIService.ExecNotificationQuery _
> ("SELECT * FROM __InstanceCreationEvent WITHIN " & iPoll _
> & " where TargetInstance ISA 'CIM_DirectoryContainsFile'" _
> & " and TargetInstance.GroupComponent = " & sParm)
>Do
> Set oLatestEvent = cMonitoredEvents.NextEvent
> sFileName = oLatestEvent.TargetInstance.PartComponent
> sFileName = Replace(Mid(sFileName, InStr(sFileName, _
> "=") + 1), "\\", "\")
> WScript.Sleep iWait
> i1 = WshShell.Run(sCommand & sFileName & sParm1, 7, True)
> i2 = WshShell.Run(sCommand & sFileName & sParm2, 7, True)
> If i1 + i2 = 0 Then
> WScript.Echo "The file " & sFileName & " is now read-only."
> Else
> WScript.Echo "Could not set the permissions for " & sFileName
> End If
>Loop
>

 

<niteowl> wrote in message
news:rrbru49li8f7qmjne9jr8bijtk61v4bigv@4ax.com...
>>*** You also need to set the appropriate permission parameters
>>*** for the cacls command that is used in the code.
>
> ?? is that different than setting the Permissions when setting up the
> folder for sharing?

NTFS permissions and share permissions are two completely independent
mechanisms. Server administrators usually set the share permissions to "Full
access" for everyone, then set the NTFS permissions to suit their specific
requirements. To be successfull at your job as a server administrator you
must familiarise yourself with file & folder permissions (=NTFS
permissions). Click Start/Help, then look for help on "Permissions" to see
how it is done. You must then become familiar with the Console command
"cacls.exe" so that you can adjust the parameters in my script to suit your
needs. If you do not know what they mean then you will not achieve your aim.

Note that students are the most ingenious users when it comes to getting
around file and folder restrictions. Unless you get on top of this subject
very quickly you're heading for a major disaster, e.g. students modifying
other student's papers, pinching exam papers ahead of exams, changing test
records, erasing key files etc. etc. Since this appears to be your first job
in this type of environment I suggest you set up your security, then hire a
qualified consultant to examine it for security holes. His fee would be
money well spent!

 

On Tue, 21 Apr 2009 14:31:29 +0200, "Pegasus [MVP]"
<news@microsoft.com> wrote:

>
><niteowl> wrote in message
>news:rrbru49li8f7qmjne9jr8bijtk61v4bigv@4ax.com...
>>>*** You also need to set the appropriate permission parameters
>>>*** for the cacls command that is used in the code.
>>
>> ?? is that different than setting the Permissions when setting up the
>> folder for sharing?
>
>NTFS permissions and share permissions are two completely independent
>mechanisms. Server administrators usually set the share permissions to "Full
>access" for everyone, then set the NTFS permissions to suit their specific
>requirements. To be successfull at your job as a server administrator you
>must familiarise yourself with file & folder permissions (=NTFS
>permissions). Click Start/Help, then look for help on "Permissions" to see
>how it is done. You must then become familiar with the Console command
>"cacls.exe" so that you can adjust the parameters in my script to suit your
>needs. If you do not know what they mean then you will not achieve your aim.
>
>Note that students are the most ingenious users when it comes to getting
>around file and folder restrictions. Unless you get on top of this subject
>very quickly you're heading for a major disaster, e.g. students modifying
>other student's papers, pinching exam papers ahead of exams, changing test
>records, erasing key files etc. etc. Since this appears to be your first job
>in this type of environment I suggest you set up your security, then hire a
>qualified consultant to examine it for security holes. His fee would be
>money well spent!

Thanks for the help and suggestions... will try this out tomorrow..

niteowl