Preventing users from writing to a particular file

You may want users to view but not modify a file. For example, a file may include the financial data that employees should view but not edit.
You can create an Application and Device Control rule to give users read-only access to a file. For example, you can add a rule that lets you open a text file in Notepad but does not let you edit it.
  1. To prevent users from writing to a particular file
  2. To add a rule that prevents users from writing to a particular file, open an Application Control policy, and on the
    Application Control
    pane, click
    Add
    .
  3. In the
    Application Control Rule Set
    dialog box, under the
    Rules
    list, click
    Add > Add Rule
    .
  4. On the
    Properties
    tab, in the
    Rule name
    text box, type
    1.txt in c read allowed write terminate
    .
  5. To the right of
    Apply this rule to the following processes
    , click
    Add
    .
  6. In the
    Add Process Definition
    dialog box, under
    Processes name to match
    , type
    notepad.exe
    , and then click
    OK
    .
  7. In the
    Application Control Rule Set
    dialog box, under the
    Rules
    list, click
    Add > Add Condition > File and Folder Access Attempts
    .
  8. On the
    Properties
    tab, in the
    Description
    text box, type
    file access launched
    .
  9. To the right of
    Apply this rule to the following processes
    , click
    Add
    .
  10. In the
    Add File or Folder Definition
    dialog box, in the text box in the
    File or Folder Name To Match
    group box, type
    c:\1.txt
    , and then click
    OK
    .
  11. In the
    Application Control Rule Set
    dialog box, on the
    Actions
    tab, in the
    Read Attempt
    group box, select
    Allow access
    , and then check
    Enable logging
    and
    Notify user
    .
  12. Under
    Notify user
    , type
    reading is allowed
    .
  13. In the
    Create, Delete, or Write Attempt
    group box, click
    Block access
    ,
    Enable logging
    , and
    Notify user
    .
  14. Under
    Notify user
    , type
    writing to block Notepad
    .
  15. Click
    OK
    twice and assign the policy to the client computer group.
    Test the rule.
  16. To test a rule that prevents users from writing to a particular file, on the client computer, open File Explorer, locate the c:\ drive, and then click
    File > New > Text Document
    .
    If you create the file by using Notepad, the file is a read-only file.
  17. Rename the file as 1.txt.
    Make sure that the file is saved to the c:\ folder.
  18. In Notepad, open the c:\1.txt file.
    You can open the file but you cannot edit it.