Re: policy

Inline

--


Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA

This posting is provided "AS IS" with no warranties, and confers no rights.


"youssef" <youssef@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:142F6EA7-5E5E-46C0-94E8-8DD87935BB04@xxxxxxxxxxxxxxxx
> hi everyone
> i applied the domain from week ago , the network consists of : 30 users
> in
> the network , isa server , DC , vpn server and i have some questions :
> 1. Before we were in a workgroup , the manner to enable file sharing was
> :
> if user A wants a file from user B , user A go to my network places >view
> workgroup computers>computer of user B then he will find the shared
> folder .
> now users can not share their folders .
> what can i do to acheive - (enable folder sharing between users )- this
> goal
> in the domain ? plz give me details.

You need to provide permissions to users from the domain\user_name account.
The share permissions are probably all defined as local computer\user_name
account.

> 2.i want to prevent users from opening any audio file or photo file ? how
> ?

You will have to remove all players that play or show the audio or photos.
Once you have removed them and taken away adminstrative control don't
provide them with any more permissions than they need to do there work.

> 3.i want to prevent them from installing programs ? how ?

Make them ordinary users. No power user or local admin group. Without this
ability not only can't they install programs they can't get infected with
virus or spyware since they don't have the ability to install software
malware can't impersonate the user.

> 4.can i control their local policy on their machines if they want to logon
> localy without loging to domain ?

You can apply group policies that impact locally and don't allow them to be
over written.

http://www.comptechdoc.org/os/windows/win2k/win2kgpolicies.html
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/management/csws2003.mspx
http://www.microsoft.com/windowsserver2003/technologies/management/grouppolicy/default.mspx


> thank you very much
> but give me details plz
> yousof
>


.

Relevant Pages

  • Re: Can;t access folder... where I have full access
    ... Arcserve reported 4 folders not backed up due to permissions denied. ... When I checked the Permissions on the folders, Local Admin group has full ... If you use dedicated service account to run ArcServe, you should make this account member of Backup Operators special group on the computer where you want to perform the backup. ...
    (microsoft.public.windows.server.general)
  • Re: Hiding Telephone number from AD search
    ... Not only do normal users have the ability to see their telephone number, they have the ability to change it. ... It is a member of the personal information property set and that permission is granted explicitely on every user object created so inherited ACEs (permissions placed on the OU or domain structures) will not correct this. ... You could also look at the new confidentiality support in Windows Server 2003 SP1 AD. ...
    (microsoft.public.windows.server.active_directory)
  • Managed By option doesnt let uses manage distribution list
    ... Is there a better way to allow users just the ability to manage the ... Click the Security tab, ... In the Permissions box, click Allow Read Members, and then click ...
    (microsoft.public.exchange2000.admin)
  • Re: gzip TOCTOU file-permissions vulnerability
    ... I might suggest configuring your e-mail client not to ... attribute e-mail addresses in replies (at least to mailing lists)... ... > intended permissions, there would be no way to then write the file. ... user ability to write to their own files, ...
    (Bugtraq)
  • Re: How to remove "on behalf of" in the from field in outlook
    ... >> I think that what you are looking for is the ability for users to Send AS ... >> Add a new account to the permissions, by default it will likely grant Full ... >> Ben Winzenz ...
    (microsoft.public.exchange.admin)