Protect the Card Formatter log by restricting permissions
When you format cards with BALTECH Card Formatter, all numbers assigned are written to a log. Card Formatter uses this log to define which number to program onto the next card. This means: If you want to prevent numbers from being assigned multiple times, you need to ensure the log can't be manipulated.
Thus, we highly recommend you restrict permissions to the log when Card Formatter is operated in a non-secured environment (i.e. by various users).
Perform these steps on the Windows computer that will be used to do the formatting.
If you haven't done so yet, load the job file once in BALTECH Card Formatter, so the log is created.
To create the log:
Connect a reader to your computer.
Open BALTECH Card Formatter.
If you haven't installed it yet, you can download it here.
Click the reader, then click Select.
Click Browse and select the job file (CARDDESC or MIFDESC format).
When the job file is loaded, an empty log is automatically created.
You can find it at the path specified when ordering the job file. If you didn't specify a path, the log is created in the same folder as the job file.
By default, all users on that computer have full permissions to the log. With the following steps, you limit permissions to the required minimum.
Remove permissions inherited from the folder
- Right-click the log and select Properties > Security > Advanced.
At the bottom of the window, click Disable inheritance.
In the popup, click Convert inherited permissions into explicit permissions on this object.
Transfer log file ownership
The owner of the log file will keep full permissions, so this should be a trusted user or user group (e.g. Administrators). If the log file was created by a different Windows user, transfer the log file ownership.
Next to the Owner, click Change.
In the entry field of the popup, enter the user or user group you want to transfer ownership to, e.g. Administrators.
Restrict permissions for other users
Restrict the permissions for the user(s) that will later do the formatting.
Do not change the permissions for SYSTEM, Administrators, and the owner (if different from Administrators).
- Select the user and click Edit.
- In the top right, click Show advanced permissions.
Disable all permissions except the following:
- List folder / read data
- Read attributes
- Read extended attributes
- Create folders / append data
- Read permissions
Click OK. The Advanced Security Settings overview should now look like this:
Done! Now, the log file can no longer be deleted or modified by unauthorized users.