RE: Complete lock down on one user?

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

Cheers for that...

Unfortunately, and I find this a lot with Microsoft docs regarding AD, PDCs,
OUs and GPs, it's as clear as mud.

I've created a new, seperate OU for just this one person, and I've limited
what they can do significantly on the desktop/system, but unfortunately I
still cannot deny them access to my full file tree on the file server (also
PDC).

I don't want to have to change the permissions on all folders, but this
seems to be the only solution?

C

"Allen Firouz" wrote:

> The best way to do this is to move the user into a separate OU, create a GPO
> for that OU and lock it down completely. This is also the most manageable
> way to do it. Using GPO's you can lock down the user as granularly as
> possible, even their network access and the default action for files and
> folders. Check out these links for more info:
>
> GPO overview:
> http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/TechRef/be2c2744-15f4-4495-9ae7-19ee3c9da70d.mspx
>
> Designing and creating GPO's:
> http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/DepKit/0ab84030-db4c-4356-b370-4d5db5f74dcb.mspx
>
> -Allen Firouz
>
>
> "Lachlan Musicman" wrote:
>
> > We are getting audited by the tax office.
> >
> > So I need to create an account with access to the printer, the internet, and
> > one folder on the file server - for the auditors.
> >
> > Thus far I've created the account, the folder added them to Print Users and
> > Domain Users.
> >
> > I've pretty much managed to completely lock them down.
> >
> > The only thing I cannot seem to be able to do, is to disable their ability
> > to surf our network through the windows explorer->My Network Places->Entire
> > Network->etc->etc
> >
> > Any ideas?
> >
> > I haven't been able to make it impossible for them to see things on our file
> > server, so I thought I'd just cut them off from the ability to even find it.
> >
> > Any tips for creating the simplest, most disabled account, that can still
> > print/surf/use one folder on the file server?
.

Relevant Pages

  • lock folders
    ... account. ... I want to lock or password protect some of my folders (such as my ...
    (microsoft.public.windowsxp.security_admin)
  • Re: About email accounts, email folders and backups via activesync on WM6.1
    ... I am totally new to pocketpc's and activesync and I did some reading ... I managed to sync outlook from the laptop to the ... So I assume I have to set up an email account to be able ... outbox, trash, and all other folders that can only be synced with my ...
    (microsoft.public.pocketpc)
  • Re: PC folder has stopped sharing over network!
    ... So following Jim's principle I've just tried creating a new user account on the PC - "Kids2", and enabled sharing on its component folders. ... There is a security tab that lists the access permissions and you can add to these to "open" the account in any way you wish. ... I've just been in to the security tab, and the access permissions for both kids and administrator are set to "Full Control". ... I browsed around all the tabs, and can't see any differences at all between the settings for kids and administrator. ...
    (uk.comp.misc)
  • Re: Why so many My Docs?
    ... XP is a multi-user operating system, no matter if only one person is using it. ... In all multi-user operating systems - NT, Win2k, XP, Unix, Linux, Mac OS X - there is the one built-in account that is "god" on the system. ... In Windows terminology, that is "Administrator". ... My Computer - represents your entire computer, showing drives and shared folders. ...
    (microsoft.public.windowsxp.general)
  • Re: File & Transfer Wizard wont recognize CD drive
    ... > If you don't mind having Signatures, Rules and all the other settings the ... > From the user account that is already set up: ... > folders saved in your backup file. ...
    (microsoft.public.windowsxp.general)