DANLITOV
asked on
Limit a specific user to not be able to see ANY file or work
I have tried to do some reading on this subject, but I am failing to get this right despite numerous tries.
In W2K, if I want to limit another SPECIFIC person (not all users) to simply saving their own files, and NOT being able to VIEW other people's folders (AT ALL), or other people's work AT ALL, what EXACTLY do I do?
I have tried to make changes in the security settings of certain folders, but I end up, as an administrator shutting MYSELF(!!) out of the 'ALL users' folder and the ALLUSERS.WINNT folder.
I want this specific person to be completely blind to anything and everything other people do.
I need SPECIFIC steps here, one by one. I am still in the early learning phases of W2K (especially security), so do not assume I know steps that are specific to setting up users/groups etc on W2K or (WinNT). I am otherwise a very experienced computer user.
In W2K, if I want to limit another SPECIFIC person (not all users) to simply saving their own files, and NOT being able to VIEW other people's folders (AT ALL), or other people's work AT ALL, what EXACTLY do I do?
I have tried to make changes in the security settings of certain folders, but I end up, as an administrator shutting MYSELF(!!) out of the 'ALL users' folder and the ALLUSERS.WINNT folder.
I want this specific person to be completely blind to anything and everything other people do.
I need SPECIFIC steps here, one by one. I am still in the early learning phases of W2K (especially security), so do not assume I know steps that are specific to setting up users/groups etc on W2K or (WinNT). I am otherwise a very experienced computer user.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Also, the use of the "CREATOR OWNER" field would be useful...I believe that following ocon's directions above to get to the Security tab, then add your Administrators group and any other Administrative accounts (Backup Operators, etc) with Full Control access. Also add the CREATOR OWNER account, with Modify access (depending on how much you want to lock it down, you may want to hit the Advanced button, select CREATOR OWNER, then click View/Edit to get the full array of choices, if necessary). Remove the Everyone group and add "Authenticated Users" (assuming your users are logged into an NT domain), give them the ability to Read, but not list folder contents. This change will allow only users who created a file in the directory to see it and/or modify it, but will show them files/directories that the specific user created.
I'm fairly certain that this will work, but I may be missing a step. Perhaps another expert with a bit more NT file security can extend/correct it.
-d
I'm fairly certain that this will work, but I may be missing a step. Perhaps another expert with a bit more NT file security can extend/correct it.
-d
ASKER
Ocon helped exactly as I requested. He provided me with very specific steps, and did not make many assumptions about what I did or did not know with regard to this subject. I printed his instructions out, followed them exactly, and got exactly what I needed. Thanks!!!
Well, the way I read it, the user will only be able to save files to this shared resource, and won't even be able to see their own files that they created! Is this what you wanted?
Just curious.
-d
Just curious.
-d
ASKER
Dogztar,
Although I believe I checked this, I will check again to see if user has not been able access their files.
Thanks for your input.
Dan
Although I believe I checked this, I will check again to see if user has not been able access their files.
Thanks for your input.
Dan
convert f: /fs:ntfs /v
Which will drive F: to NTFS and verbosely (is that a word? heh) provide additional information while its doing it. I would also advise to unshare the folder in question while the convert runs to avoid having users trying to access it. As long as the drive doesn't have any files open and its not your system (OS) drive (i.e. C:), you'll be able to convert it right then. Otherwise, it will convert at the next system reboot.
-d