Re: question about Restricting access
From: Xerxes (ashkaan57_at_hotmail.com)
Date: 11/22/04
- Next message: Max: "Re: Changing Startup Account??"
- Previous message: mike: "Creating a bootable, slipstreamed Win2000 CD with all current upda"
- In reply to: Gotcha: "RE: question about Restricting access"
- Messages sorted by: [ date ] [ thread ]
Date: 22 Nov 2004 11:22:48 -0800
Thanks a lot for your assistance.
What I did was:
- created a group on the server, called it "no_acess"
- removed the user in question from domain users and added him to
"no_access" group
- on his own folders on the server, I added the "no_access" group
- on other folders, I removed "everyone", if it existed and repleaced
with "Domain users". I did the same thing with shared folders and
drives on other users' workstations. I tried it by loggin in as him
and it seems to work. However, being a newbie, I am not sue if I
missed any thing.
Gotcha <Gotcha@discussions.microsoft.com> wrote in message news:<A77139E8-41B7-47BE-9500-040272CA0CE3@microsoft.com>...
> Drumgod, read the guys post, he's a newbie - you're answer is probably double
> dutch to him. That's why I went so far in giving a detailed explanation that
> is easily understood.
> Judging from his question, it would appear that user groups, permissions,
> etc is not something that he has come across as yet or doesn't totally
> follow.
>
> So before you start 'simplifying' answers, chek your audience ;)
>
> Iain
>
>
>
> "Drumgod" wrote:
>
> > To simplify this answer. You use NTFS security permissions to grant/deny
> > permissions to user groups. Sharing a folder/drive will enable you to
> > configure your NTFS permissions.
> >
> >
> >
> > "Gotcha" wrote:
> >
> > > the theory is this:
> > > - you set up a domain local group and give it access rights to a resource
> > > - you set up a domain global group and put it in to the corresponding domain
> > > local group
> > > - you put users into domain global groups
> > >
> > > So if you had a directory called c:\secret and you wanted to give joe bloggs
> > > access to it, but no one else. Create domain local groups called
> > > "secret_L_ro" (for Local Read Only group) and "secret_c" (for Local Change
> > > group), in the folder permissions tab, give those groups the corresponding
> > > rights, ie: change or read only. Then, create domain global groups call
> > > "secret_G_ro" & "secret_G_c". Put these groups into the corrsponding domain
> > > local groups. Make JoeBloggs a member of either the "secret_G_ro" or the
> > > "secret_G_c" group as required.
> > > On teh "secret" folder, check the permissions, remove the everyone group if
> > > it's there.
> > >
> > > The principal is exactly the same for printers, except in place of the
> > > "secret" folder, you'll be talking about "yourprinter" printer.
> > >
> > >
> > > As for the Internet, how are you're suers connecting to the internet at
> > > present??
> > >
> > >
> > > Iain
> > >
> > >
> > >
> > > "Xerxes" wrote:
> > >
> > > > Hi,
> > > > a kind of newbie question:
> > > > how can I restrict a user's access to other PCs and shared
> > > > files/folders and only give him access to his folders on the server,
> > > > the printers and Internet? I thought about disabling his account on
> > > > the AD but he needs access to his folders on the server.
> > > >
> > > > Thanks.
> > > >
- Next message: Max: "Re: Changing Startup Account??"
- Previous message: mike: "Creating a bootable, slipstreamed Win2000 CD with all current upda"
- In reply to: Gotcha: "RE: question about Restricting access"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
