hummm.. Sounds a bit strange to me but...

First of all, I haven't worked with NT4 for several years so I'm
assuming Win2000 Server for the following.

Messing around with user policies without using windows authentication
is NOT a good solution in my eyes. You'll build a major security hazard
doing stuff like that using the IWAM_[computername] or GUEST account.

Instead use a COM+ component, which should run under a user context with
enough (and only enough!) credentials in a specific folder, the methods
exposed in the component should NOT have direct access with the file
system. Instead you have public methods which passes the actual call to
private methods and do all the NTFS activity in them.

You should also make sure that the folder is located outside the InetPub
folders and make a virtual catalog or web share. Doing this leaves you
with a virtual catalog under your website which all users only have read
access to, and then the component does the create/modify/delete calls.

Also, check the contents written on the fly to make sure that it isn't
worm code or the like...

/andreas.q3p

> Does anybody know if it is possible, or have a section of code 
> lying around that will give me the ability to change the NT User 
> rights on a specific
> file.  I am looking at a change control application, and I need 
> to be able to grant DOMAIN\USER1 write access to c:\test.asp and 
> then remove it again.
> The application is ASP based, so a section of VBScript would be 
> the best solution, or I can use a DLL...
> 
> Any ideas?
> 
> Thanks for the help
> Mark