software user or group access to project directory

[LOFTY]

what is the best way to achieve these following objectives

a)have a project folder that people can access -read and
write.
b) not allow these users to create any folders in this
project directory.
c) allow a small group of managers to create folders in
this project directory.
d) allow business management software that all users use
to create folders in this project directory.

note : the business management software auto-creates a new
directory tree in this project directory every time a new
job is entered.

thankyou
..

 

[Mark Zbikowski \(MSFT\)]

Ahh... you have a problem. Security is applied to
USERS, not applications. Saying USERS can't
create folders yet programs that USERS run can
create folders is a contradiction.

You can' t do this unless you run these programs as
different users (see RUNAS).

 

[lofty]

ok then
what about how iis delves into the system to process ASP
for example. It uses some account called NT/authority or
something like this which has the flavours
of 'authenticated' and 'Interavtive'. if u remove these
two from the users group, iis serves html files ok but
will not process asp anymore. So is there not some slim
chance a solution is possible or am i barking up the wrong
tree.