I need to (programatically) grant read permissions to NETWORK SERVICE on a file deep inside a user's home directory. I've done this running cacls.exe and thought all was well, but having tested it by running a command prompt on as NETWORK SERVICE I found that type <filename> gives me "Access is denied."
Of course, NETWORK SERVICE does not have read permissions on the directory, but it was my understanding that the "Bypass traverse checking" user right should allow it to read the file anyway. This right is granted to NETWORK SERVICE by default and I've confirmed in Local Security Policy that this hasn't been changed. I tested this out by reading a file immediately under the user directory and still got "Access is denied" until I granted NETWORK SERVICE the "List folder/read data" right on the directory.
My questions are:
- Why is this happening? Why is the "Bypass traverse checking" right not working as I think it should?
- What do I do about it? If I really do have to grant read permissions on each directory in the path what's the easiest way to do this, either from cacls or a PowerShell script?
I'm testing this on Windows 7 x64, but need it to work on Windows XP upwards, both 32-bit and 64-bit.
