Least amount of privileges



Hello,

I apologize if this is a novice question as I'm not too familiar with Active
Directory and hope this is the appropriate place to post this.

We have a Windows 2000 Server that runs a 3rd party application that
connects to our SQL Server 2000 that is running on this same server. Our
users are getting to this 3rd party program through Terminal Services that
is set up on this same Windows 2000 Server. Our users are currently members
of ordinary Active Directory Domain Users. I noticed recently that this 3rd
party program allows users that use this program to create files and asks
for folder locations, etc... which I'm a little wary about. In this case
I'd like to limit these ordinary Active Directory Domain Users who are part
of the Remote Desktop Users group that allows them to run the Terminal
Services to only be able to run this 3rd party program that connects to the
SQL Server 2000 database that is on this server and give them write/read
access to only the 'C:\Program Files\3rd party application folder
location\'. I was about to right click our server's C drive and remove the
Active Directory ordinary Domain User group from the security tab but was
second guessing in wondering if they would need some type of write, execute
or some other privileges to the Windows and SQL Server system folders, files
and subfolders and not have anything crash on them while they're connected
through Terminal Services. I just want to give them the least amount of
privileges on this server and only 1 folder that they can do their 3rd party
writing/viewing permission to. Sorry if this sounds confusing or is too
much detail but am hoping this is possible.

Thanks in advance.

John

