So I don't know if this is documented anywhere, but a customer of mine was looking for a way to implement tighter security within their SoftGrid environment. Specifically, they were looking for a way to thwart a user who has access to SoftGrid applications from copying down their SFT files (which contain the bits of a sequenced app) and using them for their own purposes. In theory, one could essentially 'steal' an SFT file that they have Read access to from the content share (which is essentially what they have by default) and use it in their own SoftGrid Infrastructure without authorization. Or worse, use the MSI Utility to create a portable virtual application ready for use. The following is a way you can protect your SFT assets:
- Leave the content share permissions to at least Read for Everyone.
- Leave the NTFS permissions for all files in the content share to Users, Admins, and System to at least Read (i.e. default or whatever)
- Directly on the SFT file or files you wish to lock down, un-check the ‘Inherit NTFS permissions’ check box and remove all NTFS permissions from this SFT file except for SYSTEM and Administrators.
Now, typical users will be able to stream applications from the content folder, they will be able to ‘see’ the SFT files but they will not be able to copy off the SFT files (should get an Access Denied)… This is how it worked in my lab, anyway…