Wednesday, 10 March 2010

Nonsensical use of file permissions and temporary files by Microsoft Office

Rant of the week, and I’ve written about this one before.

There must be, for any administrator, situations where you want people to be able to open, read and save files, but not to delete them. You want to protect shared pools of files against accidental deletion, but otherwise people can do anything else sensible with them.

It sounds like a great scheme – except that it’s not possible if you’re using Microsoft Office (especially Word/Excel) to edit the documents.

Word and Excel create temporary copies of documents as they are edited, in the same folder as where the document is saved. This behaviour is rather in contrast to other types of applications, which generally create temporary files in the user’s Temp folder. Obviously, you’d expect that an application can delete the files in the Temp folder when it closes, and in fact most applications do this automatically. But for some particular reason (and it might in principle be a very good reason, like being able to recover the temporary versions if the application crashes), Word and Excel (and maybe other Office applications) save temporary versions of a document into the same folder as where the user chooses to open or save the permanent version of the document.

The net result of this behaviour is that if you apply Deny permissions for Delete Files to this folder, Word/Excel can’t save a file at all. The reason Word/Excel can’t do this is that it fails to delete these temporary files, so because of a bug in the way it is written, it refuses to save the permanent file into the same directory (even though it can do this without deleting the temp copy).

There is a document here that describes some of this functionality and the use of file locations by Word. There is also an option in the Options (Save tab) to make a local copy of files that are on a network share. This option may or may not have an impact on this setting. However it is very clear by now that Word/Excel’s use of the original Save folder for temporary files is a flawed system because the minimum amount of permissions required to edit documents must include the Delete permission, and this precludes any possibility that an administrator could deny Delete Files permissions in order to protect Pool file areas against accidental mass deletions of files or folders (a common enough problem, I would think, when dealing with shared file pools if our own experience is anything to go by). I’m not going to try any more tweaking with either Word or Excel (in any case the latter doesn’t have that setting). We are simply going to have to revisit our ideas of what shared pools are about, and either change the structure of them, or limit what they can be used for.