Re: Shared folder security tab...Windows 2003 server
- From: "Steven L Umbach" <n9rou@xxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 24 Feb 2006 20:51:08 -0600
A user that creates a file/folder will be the owner of such and be able to
change permissions on them even if they have no explicit permissions. That
is the way the operating system handles owners and by default the owner gets
full control due to the creator owner placeholder that you see in advanced
permissions. You can change what permissions that creator owner applies to
the owner but the owner still can always grant themselves permissions if
they want to and know how to. If you have a need to you can change the owner
of any folder/file as an administrator via the command line or via the GUI
for Windows 2003 in properties/security/advanced/owner. If you want to hide
the security tab to make that more difficult for the user [not impossible as
Colin indicated] then you need to configure Group Policy to hide the
security tab on all the client computers. If the computers are members of an
Active Directory domain you can do that easily via Group Policy at the
domain or Organizational Unit level. --- Steve
http://www.mcmcse.com/microsoft/guides/ntfs_and_share_permissions.shtml ---
NTFS and share permissions explained
"cyanide00" <cyanide00@xxxxxxxxx> wrote in message
news:1140828209.434300.287160@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
I am a network admin and I am trying to setup a file managment system.
We want to have 3 or 4 different user levels, example...one can delete,
add and modify files (but not folders), one can only execute and add
but not delete, one can only execute, and the last one has no access. I
started on the highest level first (delete, add and modify) and was
able to implement that, however I have the problem of the user being
able to right click and go into properties -> and then see the security
tab and modifying their own permissions. I tried using the group policy
editor to remove the security tab. While this worked for local folders
when actually being in the server shared folders when viewed on the
network are still showing the security tab. I tried everything...anyone
have any ideas I would appreciate it very much! Would I have to edit
each computer's registry trying to access the shared folder?
Don't worry about the Security tab itself-- that's just the graphical
interface. You actually need to restrict the permissions granted because
0
even if you lock out the Security tab, users could still use command-line
tools or other utilities to get in to the files.
Make sure that the user is not a member of a group that has "full control"
on the folder(s)
http://www.microsoft.com/technet/technetmag/issues/2005/11/HowITWorks...
http://www.microsoft.com/technet/technetmag/issues/2006/01/HowITWorks...
I acutally have that Magazine article in front of me...but it doesnt
talk about shared folder permissions. The user is not part of any group
with full control. The BIG problem is that once the user is in the
folder they can click any subfolder and manually change their own
permissions (under group or user names) under the security tab. How can
I stop this??? My solution was to hide the security tab because it
would stop anyone who wanted to easily right click and do this.
.
- Follow-Ups:
- Re: Shared folder security tab...Windows 2003 server
- From: cyanide00
- Re: Shared folder security tab...Windows 2003 server
- References:
- Shared folder security tab...Windows 2003 server
- From: cyanide00
- Re: Shared folder security tab...Windows 2003 server
- From: Colin Nash [MVP]
- Re: Shared folder security tab...Windows 2003 server
- From: cyanide00
- Shared folder security tab...Windows 2003 server
- Prev by Date: Re: Is there a direct link to SP2 patch files?
- Next by Date: Re: User Rights Assignment - not available
- Previous by thread: Re: Shared folder security tab...Windows 2003 server
- Next by thread: Re: Shared folder security tab...Windows 2003 server
- Index(es):
Relevant Pages
|
|
