Hello,
I'm using cacls to change permissions on some files; however, it's not giving me the outcome I want. I realise this is not really a Kix problem, but just wondering if anyone has any ideas...
Basically the situation is that I have an ini file which I want users and administrators of the local PC to be able to read (actually the application running as the user account), but not to be able to modify the contents, delete, move or change the filename. The only users who should have access to this is the applications admin group in AD.
By giving the AD admins group FC, and the local users group Read and execute access, I have been able to achieve this. The problem lies with the local administrators group. I haven't been able to find the correct permissions to deny them modify permissions, without explicitly denying both the local users and local admins full control, but then they cannot open the file either.
I realise that local admins would be able to change the permissions back to modify themselves, but we are hoping to play on most users' ignorance of NTFS permissions.
Any help would be appreciated.