Skip to content

Protect the Card Formatter log by restricting permissions

When you format cards with BALTECH Card Formatter, all numbers assigned are written to a log. Card Formatter uses this log to define which number to program onto the next card. This means: If you want to prevent numbers from being assigned multiple times, you need to ensure the log can't be manipulated.

Thus, we highly recommend you restrict permissions to the log when Card Formatter is operated in a non-secured environment (i.e. by various users).

Perform these steps on the Windows computer that will be used to do the formatting.

Create log

If you haven't done so yet, load the job file once in BALTECH Card Formatter, so the log is created.

To create the log:

  1. Connect a reader to your computer.

  2. Open BALTECH Card Formatter.
    If you haven't installed it yet, you can download it here.

  3. Click the reader, then click Select.

    Screenshot: Select a reader in BALTECH Card Formatter

  4. Click Browse and select the job file (CARDDESC or MIFDESC format).

When the job file is loaded, an empty log is automatically created.

You can find it at the path specified when ordering the job file. If you didn't specify a path, the log is created in the same folder as the job file.

Restrict permissions

By default, all users on that computer have full permissions to the log. With the following steps, you limit permissions to the required minimum.

Remove permissions inherited from the folder

  1. Right-click the log and select Properties > Security > Advanced.

  2. At the bottom of the window, click Disable inheritance.

    Disable inheritance for the BALTECH Card Formatter log in Win 10

  3. In the popup, click Convert inherited permissions into explicit permissions on this object.

  4. Click Apply.

    Convert inherited permissions for the BALTECH Card Formatter log in Win 10

Transfer log file ownership

The owner of the log file will keep full permissions, so this should be a trusted user or user group (e.g. Administrators). If the log file was created by a different Windows user, transfer the log file ownership.

  1. Next to the Owner, click Change.

    Change owner of the BALTECH Card Formatter log in Win 10

  2. In the entry field of the popup, enter the user or user group you want to transfer ownership to, e.g. Administrators.

  3. Click OK.

    Enter Administrator group as the owner of the BALTECH Card Formatter log in Win 10

Restrict permissions for other users

Restrict the permissions for the user(s) that will later do the formatting.

Do not change the permissions for SYSTEM, Administrators, and the owner (if different from Administrators).

  1. Select the user and click Edit.
  2. In the top right, click Show advanced permissions.

  3. Disable all permissions except the following:

    • List folder / read data
    • Read attributes
    • Read extended attributes
    • Create folders / append data
    • Read permissions

    Edit advanced permissions in Windows 10

  4. Click OK. The Advanced Security Settings overview should now look like this:

    Advanced security settings with special permissions for the user of BALTECH Card Formatter

Done! Now, the log file can no longer be deleted or modified by unauthorized users.

Title