Icacls: Granting WO access to folder

gjacobse

@eddiejennings
Just need to add the user to the folder with write permissions.

gjacobse

@eddiejennings said in Icacls: Granting WO access to folder:

But there's more to the story it seems. Are you needing to share the %PROGRAMDATA% folder over the network

No - the folder doesn't need to be shared. The DB on the server - needs the path mapped.

IRJ

@gjacobse said in Icacls: Granting WO access to folder:

@eddiejennings said in Icacls: Granting WO access to folder:

But there's more to the story it seems. Are you needing to share the %PROGRAMDATA% folder over the network

No - the folder doesn't need to be shared. The DB on the server - needs the path mapped.

Please tell me this is a joke.

IRJ

If I'm understanding correctly, this is a huge security risk.

Are you considering giving everyone full write access to %PROGRAMDATA%?

IRJ

I guess if you just give it to the liberty data folder it's not as bad. It's amazing how shitty software can be though. It sucks that %PROGRAMDATA% folder has been around since Windows 7 and this vendor still can't figure out how to leverage it properly.

gjacobse

@irj said in Icacls: Granting WO access to folder:

@gjacobse said in Icacls: Granting WO access to folder:

@eddiejennings said in Icacls: Granting WO access to folder:

But there's more to the story it seems. Are you needing to share the %PROGRAMDATA% folder over the network

No - the folder doesn't need to be shared. The DB on the server - needs the path mapped.

Please tell me this is a joke.

Uh - Me thinks that my explanation is missing its mark still -

User needs write access to %programdata%\liberty software.

User also needs to map two drives (unc\path1 and unc\path2) that are on a server. The folder %programdata%\liberty software is not and does not need to be shared or mapped.

Does this clarify things?

Dashrender

@gjacobse ug - so it uses Access style DB's... it's not making API calls, it's SMBing to the DB file itself.

EddieJennings

I would make a group for the users that need to access this folder (even if it's a group with only one user).

User also needs to map two drives (unc\path1 and unc\path2) that are on a server. The folder %programdata%\liberty software is not and does not need to be shared or mapped.

User logs into the server (via RDP?), needs two drives mapped to some other locations that's not %PROGRAMDATA%\liberty software, and needs write access to %PROGRAMDATA%\liberty software on the server, correct?

Dashrender

@eddiejennings said in Icacls: Granting WO access to folder:

I would make a group for the users that need to access this folder (even if it's a group with only one user).

User also needs to map two drives (unc\path1 and unc\path2) that are on a server. The folder %programdata%\liberty software is not and does not need to be shared or mapped.

User logs into the server (via RDP?), needs two drives mapped to some other locations that's not %PROGRAMDATA%\liberty software, and needs write access to %PROGRAMDATA%\liberty software on the server, correct?

Where did RDP come into this?

gjacobse

@eddiejennings said in Icacls: Granting WO access to folder:

I would make a group for the users that need to access this folder (even if it's a group with only one user).

User also needs to map two drives (unc\path1 and unc\path2) that are on a server. The folder %programdata%\liberty software is not and does not need to be shared or mapped.

User logs into the server (via RDP?), needs two drives mapped to some other locations that's not %PROGRAMDATA%\liberty software, and needs write access to %PROGRAMDATA%\liberty software on the server, correct?

No RDP in this case. Locally installed application.
Yes - agree that a GPO using a security group would be better -