[lnkForumImage]
TotalShareware - Download Free Software
Confronta i prezzi di migliaia di prodotti.
Asp Forum
 Home | Login | Register | Search 


 

Forums >

microsoft.public.vb.general.discussion

Folder Permissions

Mike Williams

11/15/2011 5:53:00 PM

According to the Micro$oft documentation the All Users Public Documents
folder (CSIDL_COMMON_DOCUMENTS, which is c:\Users\Public\Documents on my own
Vista machine) is by default read/write for the creator of a document but
read-only for all other (non admin) users, unless permissions are modified.
This seems to be confirmed when I check the permissions in Explorer where I
can see that in the Allow column under the Security tab there is a tick
against Read but no tick against Write for "Everyone".

However, when I create a folder in CSIDL_COMMON_DOCUMENTS and when I write a
file into that folder I find that all users, including ordinary non-admin
users, can edit / modify the file I created, and that all users then see the
modified document. After discovering this I double checked again in Explorer
and I found that the Public Documents folder itself and the sub folder and
file I created in it all still have a tick against Read but no tick against
Write in the Allow column for "Everyone". I checked this on all user logins
and it was the same. Maybe I am a bit niaive (as someone here recently
called me) but I would have thought that a write would not be allowed by a
non-admin user who did not actually create the document under those
circumstances.

What is going on here? I can explicitly deny Write to all users by placing a
tick under the Deny column against Write, but I had assumed that simply
having "no tick" against Write under the Allow column (which certainly
appears to be the default on my own Vista machine) would be sufficient,
especially since as far as I understand a tick against Write in the Deny
column has further reaching effects as far as people who are members of more
than one Group are concerned (whatever a Group is?). I certainly would have
thought that on a standard machine with its default settings, where there is
simply no tick against Write under the Allow column for "Everyone", would be
sufficient to prevent writes by other non-admin users on a document that was
created by someone else, especially since Micro$oft seem to say that is the
default behaviour.

The behaviour on my system seems to be at odds with Micro$oft's description
of the default settings, which seems odd. Is there something here that I
have just failed to understand? I suspect there might be.

Mike
5 Answers

mm

11/17/2011 7:13:00 PM

0

El 15/11/2011 02:52 p.m., Mike Williams escribió:
> The behaviour on my system seems to be at odds with Micro$oft's
> description of the default settings, which seems odd. Is there something
> here that I have just failed to understand? I suspect there might be.
>
> Mike

In my vista it is exactly the same (just tested).

mm

11/17/2011 7:16:00 PM

0

May be the description that you read about was for the folder
CSIDL_COMMON_APPDATA, that is C:\Programdata?

Mike Williams

11/17/2011 10:59:00 PM

0

"Eduardo" <mm@mm.com> wrote in message
news:ja3mhb$id2$1@speranza.aioe.org...
> May be the description that you read about was for the folder
> CSIDL_COMMON_APPDATA, that is C:\Programdata?

I did read that about CSIDL_COMMON_APPDATA, but I also read the same about
CSIDL_COMMON_DOCUMENTS. The page I read was:

http://msdn.microsoft.com/en-us/library/ms9...

The following is the relevant extract from that page:

Any user can write into the All Users\Documents location. By default, only
the creator of the document (and administrators) will be able to
subsequently modify the document. All other (non-admin) Users will have
read-only access to the document by default. If an application requires that
all normal Users to have write access to a given application specific
subdirectory of CSIDL_COMMON_DOCUMENTS, then the application must explicitly
modify the security on that sub-directory during application setup. The
modified security must be documented in the Vendor Questionnaire.

Mike

mm

11/17/2011 11:24:00 PM

0

El 17/11/2011 07:59 p.m., Mike Williams escribió:
> "Eduardo" <mm@mm.com> wrote in message
> news:ja3mhb$id2$1@speranza.aioe.org...
>> May be the description that you read about was for the folder
>> CSIDL_COMMON_APPDATA, that is C:\Programdata?
>
> I did read that about CSIDL_COMMON_APPDATA, but I also read the same
> about CSIDL_COMMON_DOCUMENTS. The page I read was:
>
> http://msdn.microsoft.com/en-us/library/ms9...
>
> The following is the relevant extract from that page:
>
> Any user can write into the All Users\Documents location. By default,
> only the creator of the document (and administrators) will be able to
> subsequently modify the document. All other (non-admin) Users will have
> read-only access to the document by default. If an application requires
> that all normal Users to have write access to a given application
> specific subdirectory of CSIDL_COMMON_DOCUMENTS, then the application
> must explicitly modify the security on that sub-directory during
> application setup. The modified security must be documented in the
> Vendor Questionnaire.
>
> Mike
>
>

It must be a mistake from MS on that page.

I think I recall that CSIDL_COMMON_DOCUMENTS is the only place that can
be shared among the users with read/write permissions for everyone.

Mike Williams

11/18/2011 10:08:00 AM

0

"Eduardo" <mm@mm.com> wrote in message
news:ja452n$qpr$1@speranza.aioe.org...
>
> It must be a mistake from MS on that page. I think I recall that
> CSIDL_COMMON_DOCUMENTS
> is the only place that can [by default] be shared among the
> users with read/write permissions for everyone.

Yeah, you're probably right. I seem to recall that being the case from other
things in the back of my head that I must have read somewhere (and it is
what I want for the specific task I am doing) but when I read the
information on the MS page at the link I posted I thought I must have been
wrong and that, as stated on that MS page, ordinary users other than the
original author of a document did not have write access to documents in
CSIDL_COMMON_DOCUMENTS. So, I had MS telling me there was no write access to
ordinary users other than the author and my own actual tests telling me
there was (at least on my own Vista machine).

Thanks, Eduardo.

Mike