Give the "read only" users read-write access to the directories, and to the (hidden) lock files in those directories, because that is what your application wants. As M. Pegasus said, this behaviour is dictated by your application. It is writing username information into hidden lock files in those directories as users open and close the documents therein. If users have read-only access to the directories and files, your application is unable to do this, which is why your application is unable to display that username information. As Microsoft KnowledgeBase article 277867 says, users require read-write access to directories that contain documents. Once again: This is an application, with an application-level locking mechanism, failing because its locking mechanism requires read-write access to directories and the hidden locking files therein in order to operate fully.