I'm looking for a safe and secure way to grant a user access to a particular folder during a strict period of time. For this example let's say, from 8:00AM to 8:30AM, Monday to Friday.
My reasoning for wanting to do this is because we have a developer who is responsible for building a portion of our online product. These builds are ONLY supposed to go out at particular times and only after thorough testing by our QA department. Only problem is this is not being adhered to. Last week this individual built and released code outside of the time-frame without having been properly tested. The code broke online nearly immediately and then the hot-fixes started flying out the door.
I understand that there are many solutions to this problem but all of them lie outside of my control. However, granting access to the resource in question lies within my control and if I could suggest this as a viable option I'm quite confident that it would be accepted.
So, can this be achieved in a secure fashion? (not storing passwords in plain text, etc) Is there a better alternative that doesn't involve reworking our management and/or QA processes?
Additional info: - Windows Server 2003 AD network
Thank you.
It might be simplest to create an an account that is only enabled during the update window, and have them use that account to update.
You could use a script using cacls and have it run using scheduled tasks to modify the deny write permission on the directories in question.
So you would need to create a security group and make the user a member.
Add the security group to the NTFS permissions on the folder in question and set it to deny write.
Then you would have one script using cacls to modify the write from deny
to allow, and another script to
change the write back to deny at the required times.
Edit: You could also look at SetACL instead of cacls.