Re: deny access to all but 1 folder
- From: "Andy Dyble" <andy.dyble@xxxxxxxxxxx>
- Date: Sat, 26 May 2007 22:38:32 +0100
Denying access would be fine. All I want is the user only to have access to
one folder. I thought with 2003 that users had no access to any folder
unless specifically granted. I don't want user logging in and deleting or
modifying files and folders in drive c:.
Andy
"Vera Noest [MVP]" <vera.noest@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:Xns993CEC3E9CDCFveranoesthemutforsse@xxxxxxxxxxxxxxxx
You have to differentiate between "hiding" and "denying access".
These are 2 completely different things. Hiding is a purely
cosmetic feature, which doesn't provide any security (other than by
obscurity). Denying access with NTFS permissions doesn't hide the
folders, unless you use Access-Based Enumeration on shared folders.
You cannot deny access to the whole C: drive, since users must have
at least Read + Execute rights to most parts of the program files
and system folders.
And you cannot deny access to Documents and Settings either,
because it is their own profile, so they must have full control
there.
The default NTFS permissions on a Windows 2003 TS need no
modification.
But you can hide the C: drive completely, which means that it isn't
visible in most of the "Open file" dialog boxes in most
applications (but there are exceptions).
After hiding the C: drive, you can give your users access to the
\borland folder by assigning it a different drive letter. Put a
line in your TS-specific logon script with something like:
subst B: C:\program files\borland\
Then teach your users that the Borland files are on the B: drive.
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___
"Andy Dyble" <andy.dyble@xxxxxxxxxxx> wrote on 26 maj 2007 in
microsoft.public.windows.terminal_services:
Dragos, I'll try and explain a bit better, I was a bit too
brief.
The user is existing.
My main objective is to deny access to all of drive C for a
user, except c:\program files\borland\
using NTFS security.
Thanks
Andy
"Dragos CAMARA" <dragos_c@xxxxxxxxxxxxxxxxxxxxxxx> wrote in
message
news:B4073FBF-0271-4560-B2C8-1D90A6BE00E3@xxxxxxxxxxxxxxxx
hi,
for existing users it is possible, but for the user who will
login for the first time?Another solution is to redirect the my
documents folder. --
Dragos CAMARA
MCSA Windows 2003 server
"Andy Dyble" wrote:
"Dragos CAMARA" <dragos_c@xxxxxxxxxxxxxxxxxxxxxxx> wrote in
message
news:A86AB887-B62E-4628-8A31-52427D3C480E@xxxxxxxxxxxxxxxx
hi,
create mandatory profiles for users who use TS.
--
Dragos CAMARA
MCSA Windows 2003 server
"Andy Dyble" wrote:
Hi
On our TS, we are tryong to deny access to the whole of
drive C, except
one
folder, which requires all users to have list, read,
execute rights, and
one
or more extra folder for each user (not home though), that
require modify
as
well.
We tried applying security to drice C:, this looked like it
was working
because users were getting access denied, but then found
they can open My
docouments and any other folder inside the drive.
TS= 2003 Standard, member server to 2003 Ad server.
Thanks
Andy Dyble
Cheers Dragos, but shouldn't this be possible using NTFS
permissions ?
ANdy
.
- Follow-Ups:
- Re: deny access to all but 1 folder
- From: Vera Noest [MVP]
- Re: deny access to all but 1 folder
- References:
- deny access to all but 1 folder
- From: Andy Dyble
- Re: deny access to all but 1 folder
- From: Andy Dyble
- Re: deny access to all but 1 folder
- From: Andy Dyble
- Re: deny access to all but 1 folder
- From: Vera Noest [MVP]
- deny access to all but 1 folder
- Prev by Date: Re: thin client com ports
- Next by Date: Re: Down (##) and System Locks up
- Previous by thread: Re: deny access to all but 1 folder
- Next by thread: Re: deny access to all but 1 folder
- Index(es):
Relevant Pages
|
Loading
