WD2000: Windows NT Network Privileges Required to Run Word (244728)

MORE INFORMATION

Description of File System Directory and File Permissions

Windows NT Server enforces security at every folder level. On a computer running Windows NT Server, if a user has no permissions for a high-level folder, the user cannot access that folder or see its contents.

Directory permissions control general access to a directory, its files, and its subdirectories. When granted at the directory level, the permissions apply to all the files and subdirectories in that directory unless the permissions are redefined at the file or subdirectory level.

The following seven permissions can be granted at the directory level on a Windows NT file system.

Directory Permission	Description
No Access	User cannot access the directory in any way, even if the user is a member of a group that has been granted access to the directory.
List (RX)	User can only list the files and subdirectories in this directory and change to a subdirectory of this directory. User cannot access new files created in this directory.
Read (RX)	User can read the content of files in this directory and can run applications in the directory.
Add (WX)	User can add files to the directory but cannot read or change the contents of current files.
Add & Read (RWX)	User can add files and change the contents of current files.
Change (RWXD)	User can read and add files and change the content of current files.
Full Control (All)	User can read and change files, add new ones, change permissions for the directory and its files, and take ownership of the directory and its files.

File permissions control access to specific files in a directory. They are used to redefine the permissions that users inherit from directory permissions.

The following permissions can be granted at the file level on a Windows NT file system.

File Permission	Description
No Access	User cannot access the file in any way, even if the user is a member of a group that has been granted access to the file.
Read (RX)	User can read the content of the file.
Change (RWXD)	User can read and change the content of the file.
Full Control (All)	User can read and change the file, add new ones, change permissions for the file, and take ownership of the file.

Access types in the case of files, the levels of access a user can have are described as follows.

Access Type	Description
R	Display (read) the file's attributes (including its data), owner, and permissions.
X	Run (execute) the file.
W	Change (write to) the content of the file or any of its other attributes.
D	Delete the file.
P	Change the file's permissions.
O	Take ownership of the file.

Windows NT Privileges Required to Only Read Documents

READ, LIST

Below is a list of directories where users need only READ and LIST privileges to run Word (they only need to be able to read from these directories):

Server location of Word program directory tree (Administrative installation)
Server location of shared Microsoft applications (MSAPPS) directory tree (Administrative installation)
Windows program directory, if running shared Windows
Any server directories where you store graphics or other source files for links that you do not want users to be able to modify in Word.

NOTE: In addition, you need to apply Read-Only and Shareable Flags to all the files in these locations. Usually, the Windows NT network administrator sets this sequence of privileges and attributes after performing the server installation of Windows or an application.

Windows NT Privileges Required to Create or Modify Documents

READ, ADD, LIST, CHANGE

IMPORTANT: These user rights apply to the directory that contains the files you are working with. Windows NT also allows for assigning users file level rights. Make sure the CHANGE right is also assigned at the file level. This is especially important when users with Owner rights are working with documents within the same directory.

For example: If one user opens a document, Word creates a temporary file with a name similar to "~wrd0000.tmp". When a different user with Owner rights opens a different document, their session of Word may also create a temporary file with the same file name. This may occur when the owner does not have the file level right of CHANGE assigned. When the CHANGE right is missing, Word cannot "see" the other temporary files that may exist in the directory.

The following is a list of directories where users need these privileges to run Word:

The workstation's Word program directory tree, if it is located on the server.
Temporary directory, if it is located on the server.
Any server directories where the user stores documents.
Any server directories where source files for links are located that the user needs to modify (for example, Microsoft Excel worksheets or charts).

Symptoms of Missing Windows NT Privileges

LIST	The user cannot see any files in the directory, so the directory appears to be empty.
CHANGE	The user cannot delete files, which frequently results in a large number of temporary (.tmp) files.
CHANGE	The user cannot rename files. When the user does not have Modify privileges, Word cannot rename .tmp files during a save operation. When Word saves, it deletes the previously saved version of the document and then renames the current .tmp file. Without Modify rights, Word deletes the document and then cannot rename the .tmp file, so an error occurs and the document appears to be lost (you can copy the .tmp file to a directory in which the user has appropriate privileges and then rename it).