Re: deny access to all but 1 folder
- From: "Andy Dyble" <andy.dyble@xxxxxxxxxxx>
- Date: Tue, 29 May 2007 16:25:25 +0100
Vera
I think you're right. I've not done a good job of explaining it!
Under my "Term server" - not "PC" for c:\windows\system32 is:
Account Unknown : everything except Full control
Administrators: full control
creator owner - nothing checked
system - full control
users - Read/Execute, List, Read
I have some remote users who can access everything ok, maybe a little too
much though. I can screw this down little by little as I need. With this
in mind I tried just copying one of these users to create my new user. They
can't start delphi because of some access restrictions. The errors don't
really mean much - access violations etc. and I don't expect you to be
familiar with it. The only folders delphi uses when starting are system32
and c:\program files\borland\delphi and maybe something in subfolders, and
the registry of course.
I'm getting to the point of paying someone to access this and get it
working, as I've got programmers twiddling their thumbs at the moment.
Thanks
Andy
"Vera Noest [MVP]" <vera.noest@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:Xns993FA2C0A2F43veranoesthemutforsse@xxxxxxxxxxxxxxxx
Andy, I've got the feeling that we have a misunderstanding going
on, because with the default NTFS permissions on the C: drive, and
normal user rights, this should be impossible.
When I look at the security settings on my C:\Windows\system32
folder, it says:
Authenticated Users : Read + Execute
Server Operators : Modify
Administrators, CREATOR OWNER, SYSTEM : Full Control
So no way can a normal user delete anything under system32.
How are your permissions on that folder?
And you say: "the user can delete anything they want in
system32 or any other folder on the PC"
Is "PC" a typo? Aren't we talking about a Windows 2003 Terminal
Server?
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___
"Andy Dyble" <andy.dyble@xxxxxxxxxxx> wrote on 29 May 2007 in
microsoft.public.windows.terminal_services:
Vera
I understand what you mean about hiding etc. but in response to:
Again: what is your problem with these users having the default
NTFS permissions on c:\windows\system32\?
I tried this and the user can delete anything they want in
system32 or any other folder on the PC, they might as well have
admin rights.
It looks like the only option is to configure security on every
top level folder in drive C, which isn't the end of the world.
Thanks
Andy
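
One way to check the permissions being compared in this thread, as an added example that is not part of the original posts: it lists the allow ACEs on a folder that give write or delete rights to anyone outside an expected set, and marks SIDs that no longer resolve to an account (the "Account Unknown" entry). It assumes PowerShell 3.0 or later; the `$trusted` list and the default path are assumptions to adjust to your own baseline.

```powershell
# Added example: report ACEs on a folder that let a principal outside the
# expected set change or delete content, and mark SIDs that no longer resolve
# (the Security tab shows these as "Account Unknown").
param([string]$Path = "$env:SystemRoot\System32")

# Assumption: principals expected to hold write-type rights here.
$trusted = @(
    'S-1-5-32-544',  # BUILTIN\Administrators
    'S-1-5-18',      # NT AUTHORITY\SYSTEM
    'S-1-3-0',       # CREATOR OWNER
    'S-1-5-32-549'   # BUILTIN\Server Operators (Modify in the defaults quoted above)
)

# Specific rights that permit changing or deleting content, plus the
# GENERIC_ALL / GENERIC_WRITE bits that inherit-only ACEs often carry.
$rights = [System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$mask = [int]$rights -bor 0x10000000 -bor 0x40000000

$sidType = [System.Security.Principal.SecurityIdentifier]
$rules = (Get-Acl -LiteralPath $Path).GetAccessRules($true, $true, $sidType)

foreach ($ace in $rules) {
    $sid = $ace.IdentityReference
    if ($ace.AccessControlType -ne 'Allow') { continue }
    if ($trusted -contains $sid.Value) { continue }
    if (([int]$ace.FileSystemRights -band $mask) -eq 0) { continue }

    # Translate() throws when the SID belongs to a deleted or unreachable account.
    try {
        $name = $sid.Translate([System.Security.Principal.NTAccount]).Value
        $orphaned = $false
    } catch {
        $name = '(unresolved)'
        $orphaned = $true
    }

    [pscustomobject]@{
        Sid       = $sid.Value
        Account   = $name
        Orphaned  = $orphaned
        Rights    = $ace.FileSystemRights
        Inherited = $ace.IsInherited
    }
}
```

An empty result means only the expected principals can modify the folder; on newer Windows versions, add NT SERVICE\TrustedInstaller to the expected list.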