Guest Dale Posted August 3, 2007 Posted August 3, 2007 I'm getting desperate for help here. Yes, I am an MCSE but this is Vista and Vista security does not act like any security before it. Here's the problem: I have scanned the CD covers for my entire CD collection and saved them as 480x480 pixel images named Folder.jpg in the corresponding album folder. Windows Media Player 11 insists on resizing those images to 200x200 pixels. There is nothing in Windows Media Player that will stop this. Setting the read-only attribute also does not stop WMP from destroying the album art. My goal is to stop this behavior by setting the NTFS permissions. I've been doing it for years with WMP 9 and WMP 10 in XP and Server 2003 but I can't find a way that works with WMP 11 and Vista. The end result should be that I can read the file but not write or delete any file matching Folder*.jpg - technically Folder.jpg but the * is required to make icacls.exe work on subfolders. No program running in my security context or the SYSTEM security context should be able to write or delete the file. Windows Media Player and I should be able to change the MP3 files or other image files in the media library. The only thing blocked should be the Folder.jpg files. I use ICACLS.EXE to deny delete or write permissions: icacls Folder*.jpg /deny Dale:(D) /T icacls Folder*.jpg /deny Dale:W /T As soon as I do one of the above (either one - I don't have to do both) I cannot delete or write the file but I also cannot read the files. I check the effective permissions in the security properties and every box is checked for me except Full Control and Delete in the case of the first example above and Full Control and all of the write associated permissions in the case of the second example above. All indications are that I should be able to access the files for reading. If I reset the ACLs using: icacl Folder*.jpg /reset /T and then use the Security property tab in Windows Explorer to set the permissions including deny write and deny delete, all works perfectly as expected. The only problem with this solution is that I would have to manually, one file at a time, set the permissions for thousands of files. Does anyone have any help on how to do this with icacls or some other tool by which I can set permissions en masse? Thanks, Dale -- Dale Preston MCAD C# MCSE, MCDBA Quote
Guest Dale Posted August 3, 2007 Posted August 3, 2007 Problem solved. I gave up on ICACLS.EXE and went back to CACLS.EXE. I created an account to give full control to so that I don't lose access to the files completely and then I use CACLS to replace the current ACL and give my account and the newly-created account access as follows:: CACLS Folder*.jpg /T /P Dale:R CACLS Folder*.jpg /T /E /G AlbumArtAccount:F Now I, and Windows Media Player when I am logged in, cannot delete or change the album art but AlbumArtAccount, which never logs in normally, could log in and delete or change the album art if necessary. So I rip my files using iTunes to a different folder on the same drive, scan and add my album art, set the permissions as described above, and then move the files to the folders monitored by WMP. As long as I always remember to follow all the steps, I'm fine. I still keep my album art backed up separately just in case. Afterall, this is WMP and as soon as the WMP product team finds a way to close this loophole, they will. Dale -- Dale Preston MCAD C# MCSE, MCDBA "Dale" wrote: > I'm getting desperate for help here. Yes, I am an MCSE but this is Vista and > Vista security does not act like any security before it. > > Here's the problem: I have scanned the CD covers for my entire CD > collection and saved them as 480x480 pixel images named Folder.jpg in the > corresponding album folder. Windows Media Player 11 insists on resizing > those images to 200x200 pixels. There is nothing in Windows Media Player > that will stop this. Setting the read-only attribute also does not stop WMP > from destroying the album art. > > My goal is to stop this behavior by setting the NTFS permissions. I've been > doing it for years with WMP 9 and WMP 10 in XP and Server 2003 but I can't > find a way that works with WMP 11 and Vista. > > The end result should be that I can read the file but not write or delete > any file matching Folder*.jpg - technically Folder.jpg but the * is required > to make icacls.exe work on subfolders. No program running in my security > context or the SYSTEM security context should be able to write or delete the > file. Windows Media Player and I should be able to change the MP3 files or > other image files in the media library. The only thing blocked should be the > Folder.jpg files. > > I use ICACLS.EXE to deny delete or write permissions: > > icacls Folder*.jpg /deny Dale:(D) /T > icacls Folder*.jpg /deny Dale:W /T > > As soon as I do one of the above (either one - I don't have to do both) I > cannot delete or write the file but I also cannot read the files. I check > the effective permissions in the security properties and every box is checked > for me except Full Control and Delete in the case of the first example above > and Full Control and all of the write associated permissions in the case of > the second example above. All indications are that I should be able to > access the files for reading. > > If I reset the ACLs using: > > icacl Folder*.jpg /reset /T > > and then use the Security property tab in Windows Explorer to set the > permissions including deny write and deny delete, all works perfectly as > expected. The only problem with this solution is that I would have to > manually, one file at a time, set the permissions for thousands of files. > > Does anyone have any help on how to do this with icacls or some other tool > by which I can set permissions en masse? > > Thanks, > > Dale > > -- > Dale Preston > MCAD C# > MCSE, MCDBA Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.