Hi guys: I have a question about windows server 2003 file ACL, it maybe too simple, but I can not let it run. Here it is: Administrator create a file named a.bat, he want user "littlecat" to execute it, but no read permission on it. I had try to add user littlecat and change the "littlecat" permissions to Deny all and allow Traverse Folder / Execute File on a.bat's security, so littlecat can traverse the folder, but littlecat can not execute this file because permission denied. I've no idea, is that possible?

1. Make sure "littlecat" has a Read permission for System32\cmd.exe 2. Only use Allows (permissions). Never use NTFS Denies (restrictions) until you know exactly what you're doing.MCITP: Enterprise Administrator; MCT; Microsoft Security Trusted Advisor; CCNA

It seems that we cannot do such a thing. You can try to give "littiecat" full control and uncheck "read extended attributes", user will still not able to run the BAT file. What's the exact thing in the BAT file? Maybe we can find a workaround method. Shaon Shan |TechNet Subscriber Support in forum |If you have any feedback on our support, please contact tngfb@microsoft.com

Hi Jaxx, You have to grant the user read permission to be able to run the batch file, granting this permission will allow him to edit the file and see the text inside. I suggest that you create a simple VB application and use the SHELL command to run any command line commands, and then compile it into a .exe file, this way the user cannot see what is really going on incase you have any sensitive data or passwords that are stored in the batch file.MCDST, MCSAS, MCSES, MCDBA, MCITP, MCTS, MCT