Re: Is there anyway I can stop users moving folders to other folders?
From: Pab (pablo_at_---if-you-are-not-a-spammer-take-this-out---pabs2003.plus.com)
Date: 05/05/04
- Next message: Rafael: "Password"
- Previous message: Sandy: "How do I Install MS04-011 without some components"
- In reply to: Steven L Umbach: "Re: Is there anyway I can stop users moving folders to other folders?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 05 May 2004 16:27:39 +0100
Hi Steve,
I've checked on the root drive and this is what I get :-
Data (E:) Properties
[ tab Security ]
Name:
Everyone
Permissions Allow Deny
----------------
Full Control no no
Modify no no
Read & Execute YES no
List Folder Contents YES no
Read YES no
Write no no
under Advanced... I get :-
Access Control Settings for DATA (E:)
[ tab Permissions ]
Type Name Permission Apply to
Allow Everyone Read & Execute This folder, subfolders, and
files
[ tab Owner ]
Current owner of this item:
"Administrators (PC2\Administrators)"
and then if I go back to Permissions and do View...
Permission Entry for DATA (E:)
[tab Object]
Name: "Everyone"
Apply onto: "This folder, subfolders and files"
Permissions Allow Deny
----------------- ------- -------
Traverse Folder / Execute File YES no
List Folder / Read Data YES no
Read Attributes YES no
Read Extended Attributes YES no
Create Files / Write Data no no
Create Folders / Append Data no no
Write Attributes no no
Write Extended Attributes no no
Delete Subfolders and Files no no
Delete no no
Read Permissions YES no
Change Permissions no no
Take Ownership no no
Notice you don't see any other group mentioned, only Everyone. Below
THAT you get SYSTEM and Administrators mentioned (re. previous
posting), and moreover, when I try to move folders in this directory
(root) I get no problems at all .. just like if I had complete
privileges.
This shouldn't be allowed to happen and is causing my brain to
overheat. It's very confusing.
Many thanks !!
Bye for now.
Pablo.
On Mon, 03 May 2004 16:17:05 GMT, "Steven L Umbach"
<n9rou@nscomcast.net> did in fact proclaim:
>Thanks for the detailed info - very helpful. From what I can see the user
>would be getting he permission by being a member of the everyone group which
>would give him read/list/execute which should not be enough permissions to
>move a folder just with that group membership. It seems to me that a while
>back there was a similar issue a user was having. Try going to the
>root/drive folder of that drive and make sure that everyone and users have
>no more than read/list/execute permissions at that level and be sure to
>check the advanced page. Also make sure that everyone/users do not have
>excessive permissions in the advanced permission entries of the folder you
>show permissions for. --- Steve
>
>"Pab" <pablo@---if-you-are-not-a-spammer-take-this-out---pabs2003.plus.com>
>wrote in message news:epnc90l5e30c7a82hrltpd2ib8vivkbt6h@4ax.com...
>> Hi there Steve,
>>
>> The person whose access I'm trying to restrict is a member of group
>> Users. Users does not have any rights to change anything in the
>> directory in question. Only Administrators has that right. My user
>> is not a member of Administrators, only of the group Users. Users, as
>> I say, does not have any rights to change anything in that directory.
>>
>> So,
>>
>> - Users is not linked to any other group
>>
>> - my specific user is ONLY a member of that group, Users
>>
>> - Users does NOT have any special rights or privileges in that
>> directory whatsoever
>>
>> - the OWNER of the directory is group Administators, not Users
>>
>> Specifically,
>>
>> When I do Properties in Explorer and do Security in that directory I
>> get :-
>>
>> ADMINISTRATORS :- Permissions Allow Deny
>> ------------------
>> Full Control YES no
>> Modify YES no
>> Read & Execute YES no
>> List Folder Contents YES no
>> Read YES no
>> Write YES no
>>
>> EVERYONE :- Permissions Allow Deny
>> ------------------
>> Full Control no no
>> Modify no no
>> Read & Execute YES no
>> List Folder Contents YES no
>> Read YES no
>> Write no no
>>
>> SYSTEM :- Permissions Allow Deny
>> ------------------
>> Full Control no no
>> Modify no no
>> Read & Execute YES no
>> List Folder Contents YES no
>> Read YES no
>> Write no no
>>
>> If I press "Advanced .." and go to the Owner tab I get...
>>
>> Current owner for this item:
>> "Administrators (PC2\Administrators)"
>>
>> - for that directory.
>>
>> Notice the USERS group is not even in the list. As a member of USERS,
>> however, you can drag-and-drop any directory within this directory out
>> to any other directory you wish by draggin-and-dropping it. This is
>> how my friend lost his file. (as long you have write access to it)
>>
>> As I said, USERS doe not seem to be inheriting any rights from another
>> group and the ownership the directory does not belong USERS, so why is
>> it possible to move out a directory?
>>
>> Many thanks Security !!
>>
>> Bye for now,
>>
>> Pablo.
>>
- Next message: Rafael: "Password"
- Previous message: Sandy: "How do I Install MS04-011 without some components"
- In reply to: Steven L Umbach: "Re: Is there anyway I can stop users moving folders to other folders?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
