Re: Denying file access

From: Oli Restorick [MVP] (oli_at_mvps.org)
Date: 11/17/04 

Date: Wed, 17 Nov 2004 01:30:30 -0000

Hi

Accessing a file using Word, Explorer, or any other application will always
use the credentials of the user. The computer account doesn't come into
play. The usual reason for using a computer account in an ACL is to allow
the computer access a network resource from a startup script or software
installation group policy (which both run under the context of the machine).

I don't believe that what you are asking for is possible. You can restrict
a file to one person, but I can't think of any way to do so for a particular
user at a particular machine. Of course, anyone with administrative
privileges on the file server will also be able to gain access to the file.

Regards

Oli

"Enrique" <Enrique@discussions.microsoft.com> wrote in message
news:502B38FD-44BA-42F8-8511-6F4DA606D40E@microsoft.com...
> I'm trying to make a folder unaccessable to everyone, except for one of
> the
> users. This folder within a share folder in a windows 2003 server. I have
> denied full access to everyone in our domain and unchecked for the parent
> inheritance as well. However, what I'm trying to do is to make this folder
> accessable for one specific person logged in to our network under one
> specific computer. Currently, only the person with the full access is able
> to
> access this folder, however, if this person logs in with a different
> computer
> (this computer was denied access), this person is still able to access his
> folder. How can I prevent this? Is there any additional steps that I need
> to
> do.
>
> I also would like to make this folder undeletable. No one should be able
> to
> delete this folder, according to the access denied that I specified under
> the
> folder's permissions and auditing tab; however, others can still delete
> this
> folder. Is there such a thing as an undeletable folder?
>
> Please help
>
> Thank you in advance.
>
> -Enrique

Relevant Pages

  • Re: Duplicate MyDocuments root
    ... The problem is that I had to rebuild the server from scratch, ... Rejoin domain ... Login as USER (create root folder) logout ... > try resetting the domain computer account and rejoining it. ...
    (microsoft.public.windows.server.general)
  • Re: Deploying software packages & permissions
    ... computer account are used to access the network, ... > I created a folder on my network for deploying my software packages. ... > account I am a little puzzled how the permissions will apply. ...
    (microsoft.public.win2000.active_directory)
  • Re: Profile question...
    ... computer account. ... profile, but the option is grayed out. ... I then tried to copy contents of the doc & settings\user folder to doc ... doc & settings folder to only allow system & his local account access ...
    (microsoft.public.windowsxp.general)
  • Re: Folder permissions based on computer name instead of user name
    ... Although you can create a group of computer accounts and set a Deny for it, ... folder based on specific user accounts or groups. ... the computer account that is being used to access the server, ... me apply a user policy based on the computer account in the OU, ...
    (microsoft.public.windows.server.security)
  • Re: Using a resource pool with a Master project
    ... It my be superstition and I cannot "prove" it works, but it seems to work to avoid file corruption issues related to linked subproject and resource file. ... Remember that Project stores the entire full path for linked files. ... a file on a file server could be: ... Do not copy from source mpp files on file server into the person's private profile space, e.g. in a folder under "My Documents". ...
    (microsoft.public.project)
Quantcast