Deny Execute only ACE?

  • Thread starter Thread starter George
  • Start date Start date
G

George

Hi,

I have been trying to setup permissions to prevent files beeing
executed in a particular directory.
It came out that if I prevent execution I can not Traverse Folders, ie
I can not go into that directory.
Is there any way I can only restrict running of stuff there?
Tried SDDL,cacls but no luck..


Thanks,
 
George said:
Hi,

I have been trying to setup permissions to prevent files beeing
executed in a particular directory.
It came out that if I prevent execution I can not Traverse Folders, ie
I can not go into that directory.
Is there any way I can only restrict running of stuff there?
Tried SDDL,cacls but no luck..


Thanks,
Click to expand...

You need to click the Advanced button in the Security
dialog, and then highlight the correct ACE and hit
Edit. There, select to apply your deny to Files only.
The same bit in the access mask is Execute for either
Files or Directories, and executing a directory means
to list/traverse it. So, you want to make your deny of
execute apply to Files only.
 
Roger Abell said:
You need to click the Advanced button in the Security
dialog, and then highlight the correct ACE and hit
Edit. There, select to apply your deny to Files only.
The same bit in the access mask is Execute for either
Files or Directories, and executing a directory means
to list/traverse it. So, you want to make your deny of
execute apply to Files only.
Click to expand...

Thanks very much. I try to avoid software restriction policies and was
just about to change my mind.
 
Back
Top