We have a folder for employees to scan contracts to. After scanning, they're supposed to rename them according to our conventions so they can be processed further. In response to a recent incident, these folders have had their security locked down (they're granted write, but not modify, permission) and now they are unable to rename the files.
Is there a technical way to accomplish what I'm trying to do? From what I've read, I don't think this is possible.
If not, can you suggest any workarounds? One possibility is to set the name of the file as it's being scanned in. Another is to have a trusted person in management be given sufficient permissions to rename.
Apparently rename requires the delete permission. Alternatively, could you have the files be renamed before being placed in the required folder?
Another idea - perhaps a batch job could rename the files appropriately, run as a scheduled task on the server with appropriate permissions.
Not only using NTFS file permissions.
You could create a program which runs as a service that is started when the computer starts. Said service runs under an account which is allowed to delete and create files (and thus rename files).
Then you create a small program which performs the rename on files by calling the service you wrote. That program could present itself in the Explorer context menu when right-clicking on a file as "Privileged rename".
Let me write my comment up as an answer. You could write a resident PowerShell script that uses (Start-FileSystemWatcher from PowerShellPack) to watch for new files in that particular location and then hardlink those into a location not accessible by the employees. Your biggest concern seems to be that none of the data ever gets removed again, so this would accomplish it, while still providing the Delete ACE needed for renaming. In your "backup" location with the hardlinks you could then keep an index based on the cryptographic hash (SHA1 comes to mind) and thus avoid duplicates. Of course the complexity of this can be bumped up further to suit your needs. Of course such a PowerShell script could take over the renaming task itself. Depends on how easy the rules are to automate.
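A sketch of the watcher-plus-hardlink idea from the answer above, added here as an example and not the answerer's own code. It assumes PowerShell 5 or later, uses the .NET FileSystemWatcher class directly instead of PowerShellPack's Start-FileSystemWatcher, swaps SHA1 for SHA256, and the paths, the index file name and the function name Protect-NewScan are hypothetical.

```powershell
# Hypothetical paths: both must sit on the same NTFS volume, because hard
# links cannot span volumes. Scanning users should have no access to $ArchiveDir.
$ScanDir    = 'D:\Scans\Contracts'
$ArchiveDir = 'D:\ScanArchive'

function Protect-NewScan {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$ArchiveDir
    )
    $hash = $null
    # The scanner may still hold the file open; retry until it can be read.
    for ($try = 0; $try -lt 10 -and -not $hash; $try++) {
        try   { $hash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256 -ErrorAction Stop).Hash }
        catch { Start-Sleep -Seconds 2 }
    }
    if (-not $hash) { Write-Warning "Could not read $Path"; return }

    # Name the link after the content hash so identical scans collapse to one entry.
    $link = Join-Path $ArchiveDir ($hash + [IO.Path]::GetExtension($Path))
    if (Test-Path -LiteralPath $link) { return $link }

    New-Item -ItemType HardLink -Path $link -Target $Path | Out-Null
    # Index line: timestamp, hash, original name (tab separated).
    "{0:o}`t{1}`t{2}" -f (Get-Date), $hash, $Path |
        Add-Content -LiteralPath (Join-Path $ArchiveDir 'index.tsv')
    return $link
}

# Watch only for new file names (not directories or attribute changes).
$watcher = New-Object System.IO.FileSystemWatcher $ScanDir
$watcher.NotifyFilter = [IO.NotifyFilters]::FileName
$watcher.EnableRaisingEvents = $true
Register-ObjectEvent $watcher Created -SourceIdentifier NewScan | Out-Null

# Resident loop: run under the privileged service or scheduled-task account.
while ($true) {
    $e = Wait-Event -SourceIdentifier NewScan
    Remove-Event -EventIdentifier $e.EventIdentifier
    Protect-NewScan -Path $e.SourceEventArgs.FullPath -ArchiveDir $ArchiveDir
}
```

On NTFS, every hard link to a file shares the same data and the same security descriptor, so the archived link survives a delete or rename of the original name but does not keep an older copy if the content is overwritten. If overwrite protection is also required, copy the file instead of linking it.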
Rename is actually a move command in terms of FS operations, so the answer is NO.