I've seen a lot of answers on copying files that use code to set a network share, with credentials, to copy to somewhere else. However I need a solution that will allow a user to copy from a network share they already have access for, to a local drive they don't have access to.
We run RDS servers and have locked down direct access to the local C:/ drive on the servers. We have been given a 3rd party program that needs to read data files that must be stored in a fixed path on the C:/ drive. These data files are updated once a month. Our users have read access but we do not want to give them direct write access to the root C:/ drive.
I need to write a piece of vb.net, or command line code in .bat file that will copy files to the Local C:/ whilst providing the details of a service account to provide the access.
As mentioned I've seen a lot about setting up a mapping to shared folder and passing creds, however we don't want to set the C:/ as mapped shared drive in this instance.
You don't want the user having access to the C Drive in general, is there any particular reason the permissions on the particular subfolder the files are going to can't have overriding permissions to allow writing to just that folder?
If that will not work, first thought that comes to mind is having a helper program that can be ran under a different user that does have that access. Set up an intermediate folder the user can write to, the program that they can launch drops the files into a folder they have access to. Helper program watches for files in the intermediate folder, moves them to where they need to be.
Set up would need to include adding a user that does have access to both locations, and then adding to task manager to launch the helper program under that other user at login.
Related
recently I have created a share folder (in windows8) in my organization where everyone has to submit their work. But later I found some one deleting files of others.
From now onward I want keep an eye on the shared folder. Is there any way to save the logs in shared folders. I tried using windows event logs but I am not able to find what I want.Please some one help me.
Windows may log certain authentication events in the Security event-log, however this will only contain useful information if you used local user accounts and gave each person their own local user account (but if you did that, you could prevent them from deleting each others' files).
However Windows does not log SMB share file activity. The Shares list in MMC/Computer Management only lists currently active/open shares too.
All I can suggest is to avoid this from happening in future by either tightening security by creating user-accounts for each person and giving them their own shared directory which only they (and you) have write-access to. Another alternative is to have a program running in the background on your computer that monitors the shared folder for new files and when it detects a file has been placed it moves it away to an inaccessible directory elsewhere.
Is there a way to access arbitrary network shared paths and read their content in WinRT? Programatically I want to read from the network shared paths in a WinRT App. I am getting an Access Denied error.
I was told that it might be possible to access the network shared path using file picker provided the app request for permission.
But in my case I do not have access to the file picker. Instead while parsing my model if there is path, I need to read the contents from that path. If that path is network shared path, it fails.
You won't be able to access arbitrary files without the user's explicit permission (via the File Picker).
Some well-known locations like the music and pictures library can be read if the application's manifest includes the associated Declaration, but beyond that all the application can access without the user granting permission (at least once) is its local application data storage.
Have a look at this question: Windows 8 Metro App File Share Access
You may be able to work around this limitation by using a Web Service that has access to the file shares. ;)
I have a shared folder in my network where a lot of users access and store their documents. I'm admin of this shared folder and I've denied delete permissions for all other users.
The problem starts when a user creates a new folder and tries to rename it.
Windows says "Access denied"
I'm assuming that this might be because I've denied delete permissions for that user.
(Since Rename=Delete+CreateFolderWithNewName)
Is there any way so that I can keep the delete permissions intact, and allow the user to rename his files/folders?
Or any other workarounds?
I'm using Windows Server 2008 and NTFS file system.
As suggested, you should look into the folder design / your setup.
A kind of Work around, is to give "Delete" and "Delete subfolders and files" rights to "CREATOR OWNER", then the creator of the file or folder is able to rename (and delete) his own files/folders.
Maybe you could Schedule a nightly powershell script (not privided) which takes ownership of all files and folders, to restrict owners from future renaming/deletion of files
If they creating in the shared folder it will inherit the permissions of the shared folder. You would need to break inheritance and allow delete permissions on the sub folder to achieve what you want.
There are two managable solutions if there are alot of folders created in the root.
Write a service/application to do that for you.
Create a series of folders (perhaps person/team based) in the folder, change the permissions on them and tell users to store files in there.
This is installed on a Unix system I don't have direct access to, but can get insight on by sitting with a network team.
The problem is this, I have 3 folders I need access to, read and write. The problem is, I only have access to 1 of them, and only read. This is via ColdFusion, I can get into them fine with the user they are assigned to (and the CF server runs on, which is the "www" user).
I CAN read and write to the temporary file directory, the place files are stored before they are moved to the destination directory (SERVER-INF/ etc etc etc), but that's not helpful. I have tried having the network people set the permissions for the other folders to the same thing, but with no results. The current settings of the folder I can access are rwxrws--- and the other folders are rwxrwxr-x, so I should have more permissions ( the "s" is not a mistake in the first folder).
We have tried setting the other folders to 777 and we did not even get read capability. Does the server need to be restarted on a Unix box after setting new permissions for ColdFusion to be able to get to them? I'm out of ideas right now, I'll take any new suggestions.
TL;DR
All using ColdFusion
temp directory - can read and write to
folder 1 - can read from (including subdirectories)
folder 2 - cannot read or write to (permission denied)
folder 3 - cannot read or write to (permission denied)
Goal: Get upload functionality working.
Edit: Server using apache
Just a random guess... Have you checked that paths you are trying to access are fully correct? They should be absolute for file operations, and www user must have X permissions on the all path directories -- to enter them.
The problem ended up being a restart was required after setting the new folder permissions. We didn't think this was an issue on a Unix box, however ColdFusion apparently did. This worked.
Ideally I'd like to be able to copy/move between an accessible folder on my local drive and a network share that I don't have permission to access (but the application would).
I am using impersonation to give me access to the files in the network share but using System.IO File.Move or File.Copy forces me to use the same credentials for each location. Is there a way around this?
What I believe you could do is something like this.
Do the impersonation to allow the selection of files. Copy the files to a location that the app can get to.
Stop the impersonation then have the application copy the file from the temp location to the desired end result.
We have done this before in our applications, it isn't elegant, but it works perfectly!
We've done something similar to what Mitchel Sellers is doing, except that we don't have a location that both identities can read from. We are reading blocks of data into memory using the local context and writing them out while impersonating the remote user.