The adopted authority concept is not directly available under Windows
(it is on Unix Systems, called "suid").
There is something similar, but not really suitable for your purpose
called "Impersonisation"
(
http://www.awprofessional.com/articles/article.asp?p=350385&rl=1) on
Windows.
I'm not a Windows Programmer, just an Admin, but I think the right way
to solve the problem you have is to use a separate program, which
receives the file through RPC and runs as a service under it's own user
context.
-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx
[mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of
Peter.Colpaert@xxxxxxxxx
Sent: Friday, July 27, 2007 9:26 AM
To: Midrange Systems Technical Discussion
Subject: Adopted authority in a Windows Server environment
Group,
I've been given the task to investigate whether it is possible to use
some
kind of adopted authority in Windows.
Here's what we want to setup:
We currently have a document publishing application, triggered by the
user
in our iSeries application, which uses Lotus Notes. The document is
picked up by a Notes agent and sent to a Win2K file server.
We want/need to eliminate Notes, and replace it with an other package,
which would work by monitoring a folder somewhere on the network.
The idea is to let the user pick a file to publish (triggered from our
iSeries application), and drop the file in the "watched" folder.
However, we want to prevent the user from dropping the file via other
means (DOS copy, Explorer drag&drop, etc).
So what we need is a way to secure write/modify/delete access to the
drop
folder, so that only the application can put files there.
Is this at all possible?
I did quite a lot of googling, but could only find answers relating to
i5/OS (of course).
Thanks in advance,
Peter Colpaert
Application Developer
PLI - IT - Kontich, Belgium
-----
Yoda of Borg are we. Futile is resistance, assimilated will you be.
-----
midrange.com
