Re: Keeping a user captive in XP - restricting writes, directories, etc.

giantcrazy@xxxxxxxxx wrote:
Does anyone know if there's a way to limit where a user can write to
in XP? Preferably without add-on software, but if commercial access
control software is required, recommendations are helpful.

File and Folder permissions (NTFS.)

Without getting into the long and short of it - I have some machines
that are going to be shared, all amongst authorized users. I'd
rather that the users don't see each other's data (which, just
using NTFS permissions would be sufficient if the users behaved
properly), so I'd like to do two things - one, keep all writes
(except for operating system patches/updates/caches/etc.) off the
C: drive and into a designated area (think sandbox, but not quite).
Two, I'm going to devise a set of scripts that would run at logon
and logoff, to cleanse this area to ensure that no data from the
prior user has been left behind.

Unless you have given your users too much power on the local machine - they
should not be able to see one another's files anyway.

Anyone know if what I'm suggesting is feasible/doable? I've never
tried to keep a user completely off C: before, and the research I've
done thus far indicates it's not possible. It is very similar to
most Citrix deployments, where a thin-client user would be given a
C:\ that's read-only (to them at least).

Any advice is greatly appreciated!

I'm really having trouble seeing what it is you are trying to accomplish vs.
just using NTFS file/folder permissions. I have managed machines that had
potentially 40,000 users per machines (whole open labs for universities) and
no matter how many users accessed a given machine during a given period of
time - I had no worries that one user could see/affect another user's files.

Please explain this statement in full...

"... which, just using NTFS permissions would be sufficient if the users
behaved properly ..."

Are you trying to resolve a social/training issue with technology?

--
Shenan Stanley
MS-MVP
--
How To Ask Questions The Smart Way
http://www.catb.org/~esr/faqs/smart-questions.html


.

Relevant Pages

  • Re: Keeping a user captive in XP - restricting writes, directories, etc.
    ... Maybe Windows SteadyState would let you do what you want. ... Preferably without add-on software, but if commercial access ... permissions would be sufficient if the users behaved properly), ... designated area. ...
    (microsoft.public.windowsxp.security_admin)
  • Re: NTFS and shared permissions
    ... > I have a few questions about NTFS permissions and share that I hope ... I know that NTFS permissions are applied to ... NTFS permissions are of course needed for control of accounts ... down from a more broad NTFS grant). ...
    (microsoft.public.security)
  • Re: Need Help on Assigning Specific Permissions to Shares
    ... can not be changed which would leave only ntfs permissions to control ... in groups to have necessary ntfs permissions. ... XP uses simple file sharing by default. ... > XP Pro but it doesn't say it works in Home edition. ...
    (microsoft.public.windowsxp.security_admin)
  • RE: Migrating File servers
    ... shared permissions separately. ... For NTFS permissions, we can use the Windows 2000 Resource Kit tool ... Copy all the data from the old file server to target file server. ...
    (microsoft.public.windows.server.migration)
  • Re: recovering NTFS volumes
    ... If ntfs permissions are not being copied when data is backed up then I believe it ... If the files did not include the administrators group ... but instead a user/group unique to the operating system that is was backed up from, ...
    (microsoft.public.win2000.security)