Re: XP Policies (like PolEdit)

From: Daniel Kerr (dkerr_at_satx.rr.com)
Date: 09/03/03 

Date: Wed, 3 Sep 2003 09:50:13 -0500

Ok, here's a kicker. maybe i'm being a bone head about this, but just how
the heck do you change the NTFS permissions under xp? I do the normal right
click and select properties and I get nothing about allowing/denying access
to any folder. I'm sure I'm just missing something and with these sinus
meds am not thinking right...

Any clue?
"Roger Abell" <mvpNOSpam@asu.edu> wrote in message
news:ebQI%23AccDHA.1772@TK2MSFTNGP10.phx.gbl...
> Daniel,
>
> The Deny method if my favorite when it is a specific
> account or group like Administrators that need exemption.
> The method MS seems to favor, see the link Doug has
> posted, is generalizable, allowing different settings for
> different accounts, whether or not admins, but it has the
> flaw that you basically start over when you need to make
> a change to the desired policies.
> Poledit, in a non-domain setting does work. You will
> need to import/modify to get the settings you want.
> You should, for your planned usage, look into using
> Software Restriction Policies. These will greatly help
> in defining a kiosk environment - as it is easy to overlook
> some of the way people can escape the planned applications
> and get to a cmd prompt.
>
> --
> Roger Abell
> Microsoft MVP (Windows, Security)
> MCSE (W2k3,W2k,Nt4) MCDBA
> "Daniel Kerr" <dkerr@satx.rr.com> wrote in message
> news:O9hAeUZcDHA.1580@tk2msftngp13.phx.gbl...
> > Ok, here's the deal.
> >
> > I am about to deploy a PC to a public area. The ONLY thing I want
people
> to
> > be able to do is open IE, and of course lock it to say 3 of our
websites.
> > In Win98 or even NT this would not be very hard at all. I would simply
> open
> > PolEdit, make an account for either the group or username, and then
apply
> > the restrictions. This way, when the user logs in, they lose all access
> to
> > everything in the computer (control panel, etc), yet I can get in under
> the
> > admin account that doesn't have this policy applied and make changes.
> >
> > So far I have been beating my head in trying to get a solution to this
> > problem. It seems XP Pro wants to use the group policy. That's
wonderful
> > as it has all the settings I want to change, but only one catch. These
all
> > seem to be machine settings. IE, I remove the shutdown button from the
> > start menu, my admin account also has it gone. As you can see, this is
a
> > huge issue as I don't want to lock myself out of doing things to the
> > computer.
> >
> > Due to the insecure nature of this system, we do NOT want it on our
domain
> > (or even on our network for that matter). So, does anyone have a
> solution?
> > PolEdit from the OfficeXP resource kit would work, but it won't let me
add
> > the system settings that I want...
> >
> > Any help will be GREATLY appreciated.
> >
> > Thanks for any assistance you guys can give...
> >
> >
>
>

Loading