Re: (plz read Jupiter Jones) Adminstrator/Limited User Security Issues
From: Jupiter Jones (jones_jupiter_at_hotnomail.com)
Date: 04/30/03
- Next message: Scott S.: "No option to "remember password""
- Previous message: Luke: "Second Logon Box"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 30 Apr 2003 14:28:11 -0600
Something does not seem quite right.
If the users are Limited Users, all accounts have their own passwords,
file system is NTFS and Administrator sets permissions.
Have Administrator Take Ownership:
http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q308421&
Then set permissions and no one should be able to change the
permissions unless they have Administrator access.
Create a new Limited User account to see if it works properly or not.
-- Jupiter Jones An easier way to read newsgroup messages: http://www.microsoft.com/windowsxp/pro/using/newsgroups/setup.asp Please respond to newsgroup only for everyone's benefit. "GHS-Apathy" <cel_ss@hotmail.com> wrote in message news:006d01c30f30$f30454a0$a301280a@phx.gbl... > in response to u saying: > ------------------------------------ > This "Users and Administrators can control the files." > Should have been "Users and Administrators can control the > files in > the users own profile." > ------------------------------------ > I wrote: > > the files are not in anyones specific profile, they are in > the shared documents folder so that anyone can access them > from the central folder. But even if the files/folders > were just in someones profile, or if they are in a shared > documents folder like they are now, shouldnt the > administrator account be able to allow/disallow security > privlidges. ive made it so that some accounts have access > to some of the files in the shared documents folder, and > that works fine unless one of the other user accounts goes > in and changed the ownership and begins to modify stuff. > > lemme know what u think. > > >-----Original Message----- > >This "Users and Administrators can control the files." > >Should have been "Users and Administrators can control > the files in > >the users own profile." > > > >-- > >Jupiter Jones > >Check the following link for some great problem solving > newsgroups. > >http://support.microsoft.com/newsgroups/default.aspx > >Please respond to newsgroup only. Everyone can benefit > from the > >message. > > > > > >"Jupiter Jones" <jones_jupiter@hotnomail.com> wrote in > message > >news:%23hAJBh0CDHA.2316@TK2MSFTNGP10.phx.gbl... > >> Can they change the access for items under any profile > or just > >theirs. > >> Users and Administrators can control the files. > >> > >> -- > >> Jupiter Jones > >> An easier way to read newsgroup messages: > >> > http://www.microsoft.com/windowsxp/pro/using/newsgroups/set > up.asp > >> Please respond to newsgroup only for everyone's benefit. > >> > >> > >> "GHS-Apathy" <cel_ss@hotmail.com> wrote in message > >> news:049401c30b3f$79d2d010$a001280a@phx.gbl... > >> > ok, heres a run down on how the computer is setup... > >> > > >> > im a student at greenwich highschool in 11th grade. > in > >> > the computer graphics classroom that iam in, there are > >> > multiple computers. only one of them has windows xp > at > >> > the moment, so im trying to figure out how to setup > the > >> > security on that computer so we can set it up on all > the > >> > rest of the computers when XP is put on them. > >> > > >> > now on the one computer with windows xp, there will > be a > >> > total of 5 users. 1 admin, and 4 (limited access) > users > >> > with different levels of access. there are 5 > different > >> > programs, and each level of user has a different > level of > >> > access to each program. 3 users might have access to > >> > program A while 2 users have no access at all. > >> > > >> > i have setup all the accounts, and created dummy > program > >> > folders for testing the security. so i set > permissions > >> > for all the different users for the programs. > everything > >> > from there works fine, but there is a problem. if i > go > >> > into the user with the lowest level of access, i can > still > >> > goto the security tab and change access for all the > other > >> > users. i do not want anyone to be able to change > >> > permissions but the admin. the users are only being > >> > denyed/allowed access to 5 different folders all > shared in > >> > the shared documents folder. the ONLY problem i have > is > >> > that anyone can go in and add/remove and alter the > >> > permissions for any of the users. i want only the > admin > >> > to have those rights. how do i change it so that no > other > >> > user can change any of the permissions. when i use > >> > advanced permission editing from the admin account, i > set > >> > it so that the other user is not able to > read/change/take > >> > ownership of the folder. but when i go into the other > >> > user, i try to view security on the folder and > something > >> > pops up saying that i cant change anything about the > >> > permissions, but it says that i can "take ownership or > >> > edit the auditing". so i go in as the limited user, > make > >> > myself the owner and now i can add/change/remove/edit > the > >> > permissions and security. now obviously most people > wont > >> > go this far to try to do all this, but if there is 1 > >> > person that will, then they can screw it up for > everyone > >> > else. help me again ---GHS-Apathy > >> > > >> > >-----Original Message----- > >> > >Stay away from encryption until you fully understand > >> > these documents > >> > >to keep from permanently losing the data. > >> > >EFS is very good at what it does and there is no back > >> > door. > >> > > >http://www.microsoft.com/windowsxp/pro/techinfo/administra > >> > tion/recovery/default.asp > >> > >(58 pages) > >> > >http://support.microsoft.com/?id=223316 > >> > > > >> > >Is file system NTFS? you need to be for any kind of > >> > security. > >> > >Disable Simple File Sharing: > >> > >http://support.microsoft.com/default.aspx?scid=KB;EN- > >> > US;Q307874& > >> > > > >> > >Are other users Administrators? > >> > >Any Administrator can do and undo anything any > >> > Administrator can do. > >> > >You are best to have two accounts for yourself, > >> > Administrator for > >> > >administrative tasks and Limited User for everything > else. > >> > >All other accounts should be Limited Users otherwise > they > >> > can do > >> > >anything as Administrator. > >> > >Each user that desires privacy should also set a > password. > >> > > > >> > >-- > >> > >Jupiter Jones > >> > >An easier way to read newsgroup messages: > >> > > >http://www.microsoft.com/windowsxp/pro/using/newsgroups/se > >> > tup.asp > >> > >Please respond to newsgroup only for everyone's > benefit. > >> > > > >> > > > >> > >"GHS-Apathy" <cel_ss@hotmail.com> wrote in message > >> > >news:088801c30a6e$0e09f600$a301280a@phx.gbl... > >> > >> I am having a problem with making folders > completely > >> > >> secure on my computer with Windows XP. There are > >> > >> currently 5 users, all with different levels of > security > >> > >> on specific folders. I tried the encryption > route, but > >> > >> that didnt work too well so i tried setting > permissions > >> > >> for all my users from the admin account, but when > i went > >> > >> into the other accounts, i found that the other > users > >> > >> could change access levels of the rest of the > users, > >> > they > >> > >> could allow/disallow privlidges on folders. I do > not > >> > want > >> > >> anyone to be able to change permissions except for > the > >> > >> admin account. If possible i would like to not > allow > >> > the > >> > >> security tab in the properties of a folder to be > >> > displayed > >> > >> at all to anyone except for the admin. How can i > >> > prevent > >> > >> this from happening....does it have something to > do with > >> > >> auditing? *HELP*
- Next message: Scott S.: "No option to "remember password""
- Previous message: Luke: "Second Logon Box"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
