| Author |
Message |
Death n Rebirth
Guest
|
 Posted:
Wed Dec 22, 2004 12:16 pm Post subject:
NTFS Delete right is needed to save Office documents |
|
|
When I remove the delete permission from a NTFS folder, users trying to save
Office documents failed. Because Office create a TMP file on the folder and
then try to save the Office document and delete the TMP file. It is however
the user cannot delete anything, including the TMP file so Office failed to
save, too. How can I solve this problem?
Ian |
|
| Back to top |
|
 |
Roger Abell
Guest
|
| Posted:
Wed Dec 22, 2004 5:11 pm Post subject:
Re: NTFS Delete right is needed to save Office documents |
|
|
That is the nature of Office. If you want to have Office
documents available in a view-only fashion, consider
having them served by an IIS webserver so that they are
opened locally on the viewing machine within control
hosted by the browser. Else, educate users on making
a local copy from the NTFS store and opening the copy.
Also, you might investigate use of the viewers available
for the different document types.
Again, as far as I know, what you observe is in the nature
of Office, and please do not respond on how foolish it is
as I will not attempt to defend this, being in agreement.
--
Roger Abell
Microsoft MVP (Windows Security)
MCSE (W2k3,W2k,Nt4) MCDBA
"Death n Rebirth" <photo@photo.photo> wrote in message
news:uGGMg2%235EHA.2180@TK2MSFTNGP12.phx.gbl...
| Quote: | When I remove the delete permission from a NTFS folder, users trying to
save
Office documents failed. Because Office create a TMP file on the folder
and
then try to save the Office document and delete the TMP file. It is
however
the user cannot delete anything, including the TMP file so Office failed
to
save, too. How can I solve this problem?
Ian
|
|
|
| Back to top |
|
|
Ken Schaefer
Guest
|
| Posted:
Thu Dec 23, 2004 7:01 am Post subject:
Re: NTFS Delete right is needed to save Office documents |
|
|
Does CREATOR\OWNER have full control? If so, then the user who created the
temp file should be able to delete it.
Cheers
Ken
"Death n Rebirth" <photo@photo.photo> wrote in message
news:uGGMg2%235EHA.2180@TK2MSFTNGP12.phx.gbl...
| Quote: | When I remove the delete permission from a NTFS folder, users trying to
save
Office documents failed. Because Office create a TMP file on the folder
and
then try to save the Office document and delete the TMP file. It is
however
the user cannot delete anything, including the TMP file so Office failed
to
save, too. How can I solve this problem?
Ian
|
|
|
| Back to top |
|
|
Death n Rebirth
Guest
|
| Posted:
Thu Dec 23, 2004 7:33 am Post subject:
Re: NTFS Delete right is needed to save Office documents |
|
|
Yes, it is a nature of Office, then is there any trick to, say,
slightly change the Office behaviour so it will create the
TMP file on local HD instead of the destination path?
Ian
"Roger Abell" <mvpNOSpam@asu.edu> wrote in message
news:e3NCnaB6EHA.2012@TK2MSFTNGP15.phx.gbl...
| Quote: | That is the nature of Office. If you want to have Office
documents available in a view-only fashion, consider
having them served by an IIS webserver so that they are
opened locally on the viewing machine within control
hosted by the browser. Else, educate users on making
a local copy from the NTFS store and opening the copy.
Also, you might investigate use of the viewers available
for the different document types.
Again, as far as I know, what you observe is in the nature
of Office, and please do not respond on how foolish it is
as I will not attempt to defend this, being in agreement.
--
Roger Abell
Microsoft MVP (Windows Security)
MCSE (W2k3,W2k,Nt4) MCDBA
"Death n Rebirth" <photo@photo.photo> wrote in message
news:uGGMg2%235EHA.2180@TK2MSFTNGP12.phx.gbl...
When I remove the delete permission from a NTFS folder, users trying to
save
Office documents failed. Because Office create a TMP file on the folder
and
then try to save the Office document and delete the TMP file. It is
however
the user cannot delete anything, including the TMP file so Office failed
to
save, too. How can I solve this problem?
Ian
|
|
|
| Back to top |
|
|
Death n Rebirth
Guest
|
| Posted:
Thu Dec 23, 2004 7:43 am Post subject:
Re: NTFS Delete right is needed to save Office documents |
|
|
It would solve the document saving problem but it let
my users delete their own files. I don't want them to
delete anything even their own files. Thanks for you
reply.
Ian
"Ken Schaefer" <kenREMOVE@THISadopenstatic.com> wrote in message
news:usO5urI6EHA.208@TK2MSFTNGP12.phx.gbl...
| Quote: | Does CREATOR\OWNER have full control? If so, then the user who created the
temp file should be able to delete it.
Cheers
Ken
|
|
|
| Back to top |
|
|
Roger Abell
Guest
|
| Posted:
Thu Dec 23, 2004 1:15 pm Post subject:
Re: NTFS Delete right is needed to save Office documents |
|
|
"Death n Rebirth" <photo@photo.photo> wrote in message
news:esZoH9I6EHA.3944@TK2MSFTNGP12.phx.gbl...
| Quote: | Yes, it is a nature of Office, then is there any trick to, say,
slightly change the Office behaviour so it will create the
TMP file on local HD instead of the destination path?
Ian
|
One would think/hope so, as after all the temp env vars
have only existed for ages !!
Perhaps if you asked in one of the Office specific NGs
someone there may know of a trick.
--
Roger Abell
| Quote: | "Roger Abell" <mvpNOSpam@asu.edu> wrote in message
news:e3NCnaB6EHA.2012@TK2MSFTNGP15.phx.gbl...
That is the nature of Office. If you want to have Office
documents available in a view-only fashion, consider
having them served by an IIS webserver so that they are
opened locally on the viewing machine within control
hosted by the browser. Else, educate users on making
a local copy from the NTFS store and opening the copy.
Also, you might investigate use of the viewers available
for the different document types.
Again, as far as I know, what you observe is in the nature
of Office, and please do not respond on how foolish it is
as I will not attempt to defend this, being in agreement.
--
Roger Abell
Microsoft MVP (Windows Security)
MCSE (W2k3,W2k,Nt4) MCDBA
"Death n Rebirth" <photo@photo.photo> wrote in message
news:uGGMg2%235EHA.2180@TK2MSFTNGP12.phx.gbl...
When I remove the delete permission from a NTFS folder, users trying
to
save
Office documents failed. Because Office create a TMP file on the
folder
and
then try to save the Office document and delete the TMP file. It is
however
the user cannot delete anything, including the TMP file so Office
failed
to
save, too. How can I solve this problem?
Ian
|
|
|
| Back to top |
|
|
Karl Levinson, mvp
Guest
|
| Posted:
Thu Dec 30, 2004 9:51 am Post subject:
Re: NTFS Delete right is needed to save Office documents |
|
|
When I removed the delete permission, I was able to save office documents, I
just got an error message, and over time a significant number of temporary
files were built up. I am not aware of a way to change where office saves
these temporary files. The users could use a software product other than
Office to save the files, or they could copy the files to the local hard
drive and edit them there before copying them back [not likely to be very
pleasant], or you could rely on daily backups to restore files that were
deleted. The latter is I believe what most people do.
"Death n Rebirth" <photo@photo.photo> wrote in message
news:uGGMg2%235EHA.2180@TK2MSFTNGP12.phx.gbl...
| Quote: | When I remove the delete permission from a NTFS folder, users trying to
save
Office documents failed. Because Office create a TMP file on the folder
and
then try to save the Office document and delete the TMP file. It is
however
the user cannot delete anything, including the TMP file so Office failed
to
save, too. How can I solve this problem?
Ian
|
|
|
| Back to top |
|
|
Roger Abell [MVP]
Guest
|
| Posted:
Thu Dec 30, 2004 11:19 pm Post subject:
Re: NTFS Delete right is needed to save Office documents |
|
|
Would not use of a grant of modify to Creator Owner allow
for the tmp file to be deleted ?
--
Roger Abell
Microsoft MVP (Windows Server System: Security)
MCDBA, MCSE W2k3+W2k+Nt4
"Karl Levinson, mvp" <levinson_k@despammed.com> wrote in message
news:%23gSzJJi7EHA.1564@TK2MSFTNGP09.phx.gbl...
| Quote: | When I removed the delete permission, I was able to save office documents,
I
just got an error message, and over time a significant number of temporary
files were built up. I am not aware of a way to change where office saves
these temporary files. The users could use a software product other than
Office to save the files, or they could copy the files to the local hard
drive and edit them there before copying them back [not likely to be very
pleasant], or you could rely on daily backups to restore files that were
deleted. The latter is I believe what most people do.
"Death n Rebirth" <photo@photo.photo> wrote in message
news:uGGMg2%235EHA.2180@TK2MSFTNGP12.phx.gbl...
When I remove the delete permission from a NTFS folder, users trying to
save
Office documents failed. Because Office create a TMP file on the folder
and
then try to save the Office document and delete the TMP file. It is
however
the user cannot delete anything, including the TMP file so Office failed
to
save, too. How can I solve this problem?
Ian
|
|
|
| Back to top |
|
|
Karl Levinson, mvp
Guest
|
| Posted:
Fri Dec 31, 2004 6:56 pm Post subject:
Re: NTFS Delete right is needed to save Office documents |
|
|
"Roger Abell [MVP]" <mvpNoSpam@asu.edu> wrote in message
news:OHs2%23Op7EHA.3504@TK2MSFTNGP12.phx.gbl...
| Quote: | Would not use of a grant of modify to Creator Owner allow
for the tmp file to be deleted ?
|
Not sure, but I wouldn't think so. At any rate, the only reasonable way to
assign delete permissions to temp files on the fly would be to make the
default permission on the folder in question allow file deletion, which
undoes what the OP is trying to do.
--
regards,
Karl Levinson, MS MVP, CISSP
Microsoft Security FAQ:
http://securityadmin.info |
|
| Back to top |
|
|
Roger Abell
Guest
|
| Posted:
Fri Dec 31, 2004 10:53 pm Post subject:
Re: NTFS Delete right is needed to save Office documents |
|
|
"Karl Levinson, mvp" <levinson_k@despammed.com> wrote in message
news:Oma$Gez7EHA.3504@TK2MSFTNGP12.phx.gbl...
| Quote: |
"Roger Abell [MVP]" <mvpNoSpam@asu.edu> wrote in message
news:OHs2%23Op7EHA.3504@TK2MSFTNGP12.phx.gbl...
Would not use of a grant of modify to Creator Owner allow
for the tmp file to be deleted ?
Not sure, but I wouldn't think so. At any rate, the only reasonable way
to
assign delete permissions to temp files on the fly would be to make the
default permission on the folder in question allow file deletion, which
undoes what the OP is trying to do.
|
???? A grant on the containing folder of modify to Creator Owner
does do just that. No change of the not granting Delete on file not
created by the account, but temp files that are created by the account
may be deleted. That is sort of what Creator Owner was designed
for. However, where I am iffy on this is whether Office checks and
barks if the file itself being opened is not loosely premissioned. but
it do not think it will.
--
Roger |
|
| Back to top |
|
|
Karl Levinson, mvp
Guest
|
| Posted:
Sat Jan 01, 2005 11:53 pm Post subject:
Re: NTFS Delete right is needed to save Office documents |
|
|
"Roger Abell" <mvpNOSpam@asu.edu> wrote in message
news:ufwiYj17EHA.3700@tk2msftngp13.phx.gbl...
| Quote: | Would not use of a grant of modify to Creator Owner allow
for the tmp file to be deleted ?
Not sure, but I wouldn't think so. At any rate, the only reasonable way
to
assign delete permissions to temp files on the fly would be to make the
default permission on the folder in question allow file deletion, which
undoes what the OP is trying to do.
???? A grant on the containing folder of modify to Creator Owner
does do just that. No change of the not granting Delete on file not
created by the account, but temp files that are created by the account
may be deleted. That is sort of what Creator Owner was designed
for. However, where I am iffy on this is whether Office checks and
barks if the file itself being opened is not loosely premissioned. but
it do not think it will.
|
I'm not sure if I fully understand, but I think in that scenario, the
problem is that new Office files created would be able to be deleted. [You
couldn't try to solve this problem by configuring the folder so that users
could not create new files themselves, because that would also inhibit the
creation of the necessary temp files.] Also, you'd have to make sure none
of the existing files in the folder were owned by any of the users in
question. And, that would be messy to maintain, requiring constant
vigilance regarding permissions on newly created files.
I don't think Office would complain... If the office doc can be modified and
the temp file can be created in the existing folder, I think it only
complains at the end, when the file is saved or closed, if that temp file
cannot be deleted. |
|
| Back to top |
|
|
Roger Abell
Guest
|
| Posted:
Sun Jan 02, 2005 11:31 pm Post subject:
Re: NTFS Delete right is needed to save Office documents |
|
|
Ahhh - I see where you were coming from.
I had not thought that the OP wanted everyone to also be
able to deposit new files into the directory. Indeed, if
that is so then this would not work, at least not totally.
If either some "folder monitor" was responsible for adding
new files, or if the file owner being the only one able to
delete the file, then perhaps this is a solution.
The issue you mention of pre-existing files then being
able to be deleted by their owners is non-existent as the
Owner Creator gets translated to the exact account at the
time of creation.
--
Roger Abell
Microsoft MVP (Windows Security)
MCSE (W2k3,W2k,Nt4) MCDBA
"Karl Levinson, mvp" <levinson_k@despammed.com> wrote in message
news:u%23xStoC8EHA.2124@TK2MSFTNGP15.phx.gbl...
| Quote: |
"Roger Abell" <mvpNOSpam@asu.edu> wrote in message
news:ufwiYj17EHA.3700@tk2msftngp13.phx.gbl...
Would not use of a grant of modify to Creator Owner allow
for the tmp file to be deleted ?
Not sure, but I wouldn't think so. At any rate, the only reasonable
way
to
assign delete permissions to temp files on the fly would be to make
the
default permission on the folder in question allow file deletion,
which
undoes what the OP is trying to do.
???? A grant on the containing folder of modify to Creator Owner
does do just that. No change of the not granting Delete on file not
created by the account, but temp files that are created by the account
may be deleted. That is sort of what Creator Owner was designed
for. However, where I am iffy on this is whether Office checks and
barks if the file itself being opened is not loosely premissioned. but
it do not think it will.
I'm not sure if I fully understand, but I think in that scenario, the
problem is that new Office files created would be able to be deleted.
[You
couldn't try to solve this problem by configuring the folder so that users
could not create new files themselves, because that would also inhibit the
creation of the necessary temp files.] Also, you'd have to make sure none
of the existing files in the folder were owned by any of the users in
question. And, that would be messy to maintain, requiring constant
vigilance regarding permissions on newly created files.
I don't think Office would complain... If the office doc can be modified
and
the temp file can be created in the existing folder, I think it only
complains at the end, when the file is saved or closed, if that temp file
cannot be deleted.
|
|
|
| Back to top |
|
|
|
|
|
|
FAQ
Memberlist
Register
Profile
Log in to check your private messages
Log in