Re: Permissions in Domain Local group

From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 04/07/05 

Date: Thu, 7 Apr 2005 12:55:56 -0500

Permissions for a local group are used to give that local group access to
folders, print shares, and user rights assignments. For a folder you right
click the folder that you want to restrict, select properties - security,
add the local group to the folder with the permissions you want that local
group [thus users nested in it] to have assuming you are using ntfs
permissions. Usually for a standardized desktop you use mandatory roaming
profiles [changes to profiles will not be saved at logoff] and/or Group
Policy to implement it. If you are referring to the desktop screen itself
that the user sees when he logs on, you can restrict a users permissions to
their desktop folder under documents and settings so that the user has only
read/list/execute permissions. This can be done via a logon script using the
cacls or xcacls command using the %username% variable in a Group Policy
logon script. You can also create default profiles that will be used when a
user first logs on to get their user profile. Keep in mind that the "all
users" profile will be merged with any users profile. You may also want to
post in one of the Microsoft setup_deployment newsgroups. --- Steve

"Bob Feller" <Bob Feller@discussions.microsoft.com> wrote in message
news:F0414255-C1E6-497E-AB6F-42EE722E1527@microsoft.com...
>I don't know if this is the right forum for this, so please forgive me if
> it's not.
> Hi,
> I'm trying to find the best way to create a standardized desktop for all
> users. There will be several desktops (different desktops for different
> departments) I have a single Windows 2000 domain. I have researched this
> and
> it seems like the best way to do it would be create a Global Group, add
> that
> to a Local Group, and assign permissions to the local group. I don't kow
> how
> or where to add permission to users in the local group. I'm familiar with
> group policy, but I don't know if that applies here. The workstations will
> all be XP, will this cause a problem?
> If anyone needs any other information, please let me know..
> Thanks!

Relevant Pages

  • Re: NTFS Deny not Working STRANGE
    ... Out of curiosity try using a local group instead of a domain local group to ... a member of a group that has allow permissions to the folder such as users, ... Even though deny permissions should work, ...
    (microsoft.public.windows.server.security)
  • RE: Shared Folder Error in SBS
    ... same thing happened to me after installing SBS 4.5 years ... the folder through the network or no-one can. ... set your permissions, because it is much more robust. ... or a domain local group, and place a global group with the ...
    (microsoft.public.windows.server.sbs)
  • Re: local group / global group permissions problem
    ... It appears to have been a DNS problem. ... > global group in effective permissions. ... > the local group however as you mention. ... As far as the firewall, if you can temporarily disable it ...
    (microsoft.public.windows.server.security)
  • Re: Restrict Users from Installing programs
    ... permissions to the root/drive folder and be sure to check advanced ... applications will try to create a folder during the install. ... Use local Group policy via gpedit.msc. ...
    (microsoft.public.win2000.networking)
  • Re: Limiting Limited Access Accounts.
    ... Go to properties/security/advanced and remove the permissions ... Create a local group and name it students. ... permissions on any program folder or stand alone executable you do not want ...
    (microsoft.public.windowsxp.security_admin)