Here’s the situation: A user (accounting clerk) on our network using accounting software creates a payroll ACH report that writes as a .txt file to a folder on our network. This file is then copied/drug to an online secure banking repository for processing by another user (the clerk’s supervisor). Currently an “Accounting” group in AD, Administrators, and System have FC permissions on the folder and inheritance is enabled.
The problem is that auditors have an issue with the created files being editable by users (even the user who created it)and want it locked down after creation. We need to apply permissions that will allow the user (via an action in the software) to create and write the file to the folder, but then NOT be able to edit it once it is created. The file will need to be able to be read by the bank after dropping it at their repository. Currently, the creating user shows as the owner of the files.
If you need to know… We are running Windows Server 2003 and all workstations are Windows XP Professional.
Can anyone help me with this permissions issue?
THANKS.