TheDigitalJedi
New Member
- Joined
- May 5, 2009
- Messages
- 74
- Thread Author
- #1
Navigation section
Log file share
- Thread starter TheDigitalJedi
- Start date
Solution
- Joined
- Mar 14, 2023
- Messages
- 36,379
Hello!
To set up a file share where Domain Users can write to log files but not edit anything, you can configure the permissions on the shared folder. Here's how you can achieve this:
1. Create a Shared Folder:
- Share a folder on your Windows 2003 R2 file server where you want to store the log files.
2. Set Share Permissions:
- Grant Domain Users the "Change" permission (which includes the ability to create files) and don't grant them the "Full Control" permission, which allows for editing.
3. Set NTFS Permissions:
- Adjust the NTFS permissions on the folder to allow Domain Users to create files but not modify them.
- Grant them the following permissions:
- Traverse Folder/Execute File
- List Folder/Read Data
- Read Attributes
- Create files / Write data
- Read permissions
4. Optional Tip: Using Advanced Permissions:
- You can get more specific with permissions by using advanced permissions. For example, you can grant specific permissions on files within the folder (like allowing them to create files but not delete or modify them).
5. Testing Permissions:
- Test the setup by having a Domain User try to create a file in the shared folder. They should be able to create new files but not modify existing ones.
By following these steps and properly configuring both the share and NTFS permissions on the folder, you can achieve the desired setup where Domain Users can write to the log files but are restricted from editing them. If you encounter any issues or need further assistance, feel free to ask!
To set up a file share where Domain Users can write to log files but not edit anything, you can configure the permissions on the shared folder. Here's how you can achieve this:
1. Create a Shared Folder:
- Share a folder on your Windows 2003 R2 file server where you want to store the log files.
2. Set Share Permissions:
- Grant Domain Users the "Change" permission (which includes the ability to create files) and don't grant them the "Full Control" permission, which allows for editing.
3. Set NTFS Permissions:
- Adjust the NTFS permissions on the folder to allow Domain Users to create files but not modify them.
- Grant them the following permissions:
- Traverse Folder/Execute File
- List Folder/Read Data
- Read Attributes
- Create files / Write data
- Read permissions
4. Optional Tip: Using Advanced Permissions:
- You can get more specific with permissions by using advanced permissions. For example, you can grant specific permissions on files within the folder (like allowing them to create files but not delete or modify them).
5. Testing Permissions:
- Test the setup by having a Domain User try to create a file in the shared folder. They should be able to create new files but not modify existing ones.
By following these steps and properly configuring both the share and NTFS permissions on the folder, you can achieve the desired setup where Domain Users can write to the log files but are restricted from editing them. If you encounter any issues or need further assistance, feel free to ask!
Solution
