Re: Folder security by GPO
From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 01/21/05
- Next message: Steven L Umbach: "Re: securing files in a public PC"
- Previous message: Steven L Umbach: "Re: Unknown startup items"
- In reply to: Mike St.Onge: "Re: Folder security by GPO"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 21 Jan 2005 16:16:47 -0600
I see what you mean. If file system does not work then you could use a Group
Policy computer startup script using cacls to assign permissions for the
administrators group to folders/files. Startup scripts run in system context
unlike logon scripts. If you try such be SURE to test on a computer first to
make sure you have the syntax correct for cacls. For instance use the /E
switch to add administrators to existing permissions. Cacls has the benefit
of being built in to the OS. For more power and flexibility you may want to
use fileacls, but it will need to be copied to the computers you want to
modify permissions on first first. --- Steve
http://www.ss64.com/nt/cacls.html -- note info on the yes prompt and how to
configure for such.
http://www.gbordier.com/gbtools/fileacl.htm -- fileacl can also do
inheritance modifications and ownership
"Mike St.Onge" <Mike St.Onge@discussions.microsoft.com> wrote in message
news:C56CBE3E-4ED0-470E-872E-8398C61D07FA@microsoft.com...
>I am having the same issue. What we are trying to do is set up a generic
> file system security through Group Policy in the Computer Config - Windows
> Settings - Security Settings - File System. Say I want to grant the local
> Admins group, of every computer that receives that policy, full access to
> the
> C drive. When I try and add permissions in GP, it only lets me add the
> administrators group for the machine I am currently working on.
>
> The question is, is there a way to generically say "grant the local
> administrators group full access to the C drive" and have it apply across
> the
> board to all workstations receiving the policy?
>
> Another visual. I want to set a policy such that Server A gets the policy
> and grants Server A's local admin group full access to a particular file
> on
> Server A and Server B grants Server B's local admin group full access to
> the
> same file located on Server B, Server C to Server C's local admin group,
> etc
> ...
>
> I still don't know if that makes sense, but thats the best I can manage.
>
> "Steven L Umbach" wrote:
>
>> Were you able to select "administrator" as the user to give permissions
>> to?
>> That should be an option instead of administrarors. --- Steve
>>
>>
>> "HenRy" <ask@me.com> wrote in message
>> news:u75V%23a52EHA.936@TK2MSFTNGP12.phx.gbl...
>> > Yes, but MY local admin appears and what I want is that the local admin
>> > of
>> > each computer has access to a folder (not MY local admin group)
>> > in each computer
>> > thanks
>> >
>> > "Steven L Umbach" <n9rou@n0-spam-for-me-comcast.net> wrote in message
>> > news:A1asd.130633$V41.27748@attbi_s52...
>> >> Administrators group is a built in group on all computers. You should
>> >> have that as a choice when you configure the permissions? --- Steve
>> >>
>> >>
>> >> "HenRy" <ask@me.com> wrote in message
>> >> news:O%23p7e9X2EHA.1192@tk2msftngp13.phx.gbl...
>> >>>I want that a folder in a computer be accesible only for the local
>> >>>administrators of each computer.
>> >>> I tried with Computer Configuration / Windows Settings / Security
>> >>> Settings / File System but I can not add the local admin group of
>> >>> each
>> >>> computer. I can only setup my local admin group
>> >>> Any idea?
>> >>> thanks
>> >>>
>> >>
>> >>
>> >
>> >
>>
>>
>>
- Next message: Steven L Umbach: "Re: securing files in a public PC"
- Previous message: Steven L Umbach: "Re: Unknown startup items"
- In reply to: Mike St.Onge: "Re: Folder security by GPO"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
