Re: Setting Program Privileges

From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 12/06/03 

Date: Sat, 06 Dec 2003 00:39:45 GMT

There are a couple of ways. First a user needs to have proper ntfs permissions to
execute a program. By giving a user deny or no [implicit deny] permissions to the
folder/executable, then they will not be able to run the program. Be careful with
deny permissions, as administrators are also members of the everyone and users group.
Keep in mind that event though a user can not execute Internet Explorer, they may
still be able to browse the internet various other ways on the computer such as
through Explorer or even url links in Word,etc. Ntfs permisions are accessable by
selecting file/folder properties and then choosing security, but only if the drive
volume has been formatted with ntfs instead of fat32.

Another way to restrict users is using Group Policy [via gpedit.msc on local
computer] to not run certain applications. But if a user can rename an executable,
they can work around it. Between this and ntfs permissions, you can reasonably
control what a user can run on a computer if they are only members of the users group
and not administrators or power users. A skilled malicious user could use methods to
work around these restrictions however. --- Steve

http://www.windowsitlibrary.com/Content/592/1.html#1
http://support.microsoft.com/default.aspx?scid=kb;en-us;323525

"Nathan" <anonymous@discussions.microsoft.com> wrote in message
news:03b101c3bb7b$4322c6f0$a301280a@phx.gbl...
> Can anyone tell me if it's possible in Windows 2000 Pro.
> using administrator privileges to deny certain users the
> ability to access any but a small number of programs? We
> have a lab computer that we recently set up, but we would
> like some of the users to only have access to programs
> that they need (e.g. IE, Word, etc.). Anyone know how to
> set this up?
>
> Thanks in advance.

Relevant Pages

  • Re: Directory Security
    ... and execute when you browse the site. ... the default settings remained. ... > that we never include IUSR read permission to system32 folder. ... Set Basic NTFS Permissions for IIS 5.0 ...
    (microsoft.public.inetserver.iis.security)
  • Re: Need to restrict access to an EXE in IIS6
    ... I went into Windows Explorer and set the NTFS permissions on the support.exe ... I then looked at the Default Web Site using IIS Manager, and set Execute ... My original problem was trying to get it to prompt for name and password. ... >> file to Deny for Everyone, it will still download ...
    (microsoft.public.inetserver.iis.security)
  • Re: Prevent user from running program?
    ... executable so that the user/group does not have execute permission either ... administrators but is much more powerful than NTFS permissions because power ... I was wondering how an administrator can prevent a power user from ... how can I block running a program if it is in one ...
    (microsoft.public.windowsxp.security_admin)
  • Re: .exe files
    ... >> only administrators can execute .exe files. ... >> through ntfs permissions and made sure the virtual ... >Tom Kaminski IIS MVP ...
    (microsoft.public.inetserver.iis.security)
  • FIle and Folder Security
    ... So far we have changed the WINDOWS directory to "Deny" ... We made a public folder but we keep getting "The file ... directory above set to allow Read & Execute, List, Read ...
    (microsoft.public.windowsxp.security_admin)