Re: Locking down drive access

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

From: Cláudio Rodrigues [MVP] <CR@xxxxxxxxxxxxxxxxxxx>
Date: Sat, 4 Nov 2006 14:09:22 -0500

One thing is hiding the drive. When you say the user has full access if going through Word do you mean if you set a certain subfolder to Read Only (NTFS permission) he is able to write to that folder? I do not think that is the case.
I think you mean you are hiding the drive but through Word he can see it. If that is the case, welcome to Office holes in a TS environment.
The best you can do is use NTFS permissions everywhere to make sure every single folder is locked/protected from the users.

--
Cláudio Rodrigues
CEO, TSFactory Inc.

Microsoft MVP
Windows Server - Terminal Services
http://www.tsfactory.com
"Peter W" <PeterW@xxxxxxxxxxxxx> wrote in message news:%23DcdcSBAHHA.4864@xxxxxxxxxxxxxxxxxxxxxxx

Hi
I am in the process of putting together a terminal server for a client with 8 PC's located in 4 offices around the state.
I am happy with the way it's coming together except for one issue.

One user is to have access to one data folder only. This lives within d:\data folder as d:\data\user and shared.
I have mapped to network drive to \\server\user mapped as a p: drive.
I have customised the system.adm to hide all drives except the p drive.
I have set NTFS permissions so that the user only has permission to this folder and none other on the d: drive.

When testing as that user, within windows explorer if I type "d:\" in the address bar I get a "you have no access" message.
But if I open MS Word or Excel and go to "open file" the type "d:\" into the "file name" box I get full access to the drive and can open restricted files. Even though NTFS permissions are not allowed for that user.

Can anyone please help? Is this possible to fix or am I best to hope the user doesn't have the smarts to try and access other data?

Peterw

References:
- Locking down drive access
  - From: Peter W

Prev by Date: Re: Terminal Services Automatically Maximizes
Next by Date: Newbie TS questions
Previous by thread: Locking down drive access
Next by thread: Newbie TS questions
Index(es):
- Date
- Thread

Relevant Pages

Re: Folder views for NTFS permissions
... seperate drive letter for the Users folder and then another drive ... Is there a way to do this in NTFS without mapping separate drives? ... and "ntfs permissions" for some more specific topics. ...
(comp.os.ms-windows.nt.admin.security)
Re: need to remove unewanted folders on backup F drive
... go into Folder Options and change the appropriate settings. ... Recycler folder Windows will, as you've seen, recreate it when you reboot. ... you should adjust the size allocated for the Recycle bin on your F ... On the Global page, select "Configure drives independently". ...
(microsoft.public.windowsxp.configuration_manage)
Re: need to remove unewanted folders on backup F drive
... The Recycler folder is a hidden systems folder. ... As for the System Volume Information folder, ... In the "Available drives" box, click on your F drive to ...
(microsoft.public.windowsxp.configuration_manage)
Re: 2k8 Mapped Network Drive GPO - NTFS Permissions?
... Mapped drives assume valid paths, and you should use shares only, meaning that you CAN'T map a drive to a folder that isn't shared, AVOID using the user profile path for this, use instead a shared folder. ... I've been googling but I can't find the NTFS permissions structure required for the share root folder. ...
(microsoft.public.windows.server.active_directory)
Re: running out of space.........I "guess"?
... As long as there is free disk space elsewhere you can run a problem free computer with much less than 20 gb. ... Using a computer on a daily basis makes it pointless retaining restore points for more than 14 days. ... the text of the folder name appears in blue characters. ... assuming I need to get partition magic or backup both drives (image ...
(microsoft.public.windowsxp.general)