0

I have a folder of executables that users have read and execute permissions on. They also have a link on their desktop to run them. Is there anyway to still allow them to execute these files but not be able to list all executables in this folder as there are config files in here (Don't worry, no plain text passwords).

My original question was, "can a user have execute permissions but not read" but this seems to not be the case.

Extra Info:

File Share Server - Windows Server 2016

Dave M
  • 4,494
  • 21
  • 30
  • 30
Ryan Gaudion
  • 103
  • 3

1 Answers1

2

Yes, it is possible :

On the folder containing the executables, show the Advanced Permissions and grant the following rights to the user group :

  • Traverse Folder / Execute file
  • List Folder / Read data
  • Read attributes
  • Read extended attributes

and select Applies to Files only, that's the important bit.

The users will be able to launch the executables either by entering the full path, or by using a shortcut, but will not be able to list the content of the folder.

As shown below:

NTFS Permissions

Swisstone
  • 6,357
  • 7
  • 21
  • 32
  • When using this method for executables I get the following error: "Directory\program.exe" The directory name is invalid. However if I set permssions applies to "This folder and files", then it works fine. – Ryan Gaudion Jan 27 '20 at 12:54
  • Is there anyway to allow executables to be run without letting others know all files in the folder – Ryan Gaudion Jan 29 '20 at 13:19
  • If you set the permissions strictly as I specified, it works as requested. Double check the permissions, and try to start the program in cmd.exe for example to make sure the problem is not the shortcut... – Swisstone Jan 29 '20 at 13:41