How is the Create Folders/Append Data and Create Files/Write Data permission different then Write? How does it differentiate an action where the user intends to create/write data versus creating a temp file as a byproduct of opening a Word doc?
On 8/24/07, Ansgar -59cobalt- Wiechers <[EMAIL PROTECTED]> wrote: > On 2007-08-22 Robert McIntyre wrote: > > On my Windows 2003 servers we create a data partition and format it > > with NTFS. The default permissions for Users are Read & Execute, List > > Folder Contents, and Read. This is what we want. But the Users > > account also gets the special permissions Create Folders\Append Data > > and Create Files\Write Data. > > > > From the articles that I have seen on TechNet, the special permissions > > are not needed if we only want read access. So why are they there by > > default? What purpose do they serve? If we remove the special > > permissions will it cause problems? > > > > The only thing that I could think of is that maybe it is needed to > > create a temporary file when you open a document for reading. > > If you remove those ACEs your users will be unable to create files and > folders on that partition. That may cause problems e.g. in cases when > they need to open files with progams like MS Word, because Word creates > temp files in the same directory as the document. > > Regards > Ansgar Wiechers > -- > "All vulnerabilities deserve a public fear period prior to patches > becoming available." > --Jason Coombs on Bugtraq >
