Solved

Limit a specific user to not be able to see ANY file or work

Posted on 2001-06-12
Last Modified: 2010-04-13
I have tried to do some reading on this subject, but I am failing to get this right despite numerous tries.

In W2K, if I want to limit another SPECIFIC person (not all users) to simply saving their own files, and NOT being able to VIEW other people's folders (AT ALL), or other people's work AT ALL, what EXACTLY do I do?

I have tried to make changes in the security settings of certain folders, but I end up, as an administrator shutting MYSELF(!!) out of the 'ALL users' folder and the ALLUSERS.WINNT folder.

I want this specific person to be completely blind to anything and everything other people do.  

I need SPECIFIC steps here, one by one.  I am still in the early learning phases of W2K (especially security), so do not assume I know steps that are specific to setting up users/groups etc on W2K or (WinNT).  I am otherwise a very experienced computer user.
Question by:DANLITOV
 
LVL 13

Accepted Solution

by:
ocon827679 earned 300 total points
ID: 6180887
In all of the resources that you don't want the user to have access, add the user to the security properties and select "deny" for access.  Specifically,
1. Go to Windows Explorer
2. Open the path to the resource (file structure) in question.
3. Right-click on the resource.
4. Select the "Security" tab.
5. In the properties box, select Add.
6. In the Add users..., select the user in question and click Add, then click OK.
7. Back in the resource properties box, ensure the user in question is selected.
8. In the permissions area check the box under the column for Deny for the Read/Execute, List folder contents, and Read permissions.
9. If you want to apply this to all subfolders click OK.  If only this folder click the Advanced button, select the user in question and view/edit.  Select how you want to apply permissions using the "Apply onto" drop down box.
10. Click OK until you are finished.

You can do this with groups if you have more than one user.  You just need to create a new group and place the users in the group, then apply the above group in the same way you would the user.  Be careful with Deny.  It has precedence over everything.  If you place yourself in a group that is then applied as Deny, you will be denied.  This becomes easy to do once you start nesting groups.  

Good luck!
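
The Deny caveat in the accepted answer, as an added example that is not part of the original posts: a simplified Python model of an access check over explicit ACEs (Deny evaluated before Allow, inheritance not modelled) that expands nested groups and reports which accounts a proposed ACL would lock out. All user and group names and the `locked_out` helper are constructed for illustration.

```python
# Simplified model of an NTFS access check (added example; names are constructed).
# Assumes one ACL of explicit ACEs in canonical order: Deny entries are
# evaluated before Allow entries. Inheritance is not modelled.

READ, WRITE = 0x1, 0x2

# Constructed sample data: group -> direct members (users or other groups).
GROUPS = {
    "Administrators": {"alice"},
    "Staff": {"bob", "Administrators"},   # nested: admins are also Staff
    "Restricted": {"carol", "Staff"},     # nesting mistake: pulls in Staff
}

def groups_of(user, groups=GROUPS):
    """Return every group the user belongs to, directly or through nesting."""
    found, frontier = set(), {user}
    while frontier:
        frontier = {g for g, members in groups.items()
                    if members & frontier and g not in found}
        found |= frontier
    return found

def access_check(user, acl, wanted, groups=GROUPS):
    """Walk ACEs deny-first; a matching Deny on any wanted bit ends the check."""
    sids = groups_of(user, groups) | {user}
    ordered = sorted(acl, key=lambda ace: ace[0] != "deny")  # stable: deny first
    remaining = wanted
    for kind, trustee, mask in ordered:
        if trustee not in sids:
            continue
        if kind == "deny" and mask & remaining:
            return False
        if kind == "allow":
            remaining &= ~mask
            if not remaining:
                return True
    return False  # nothing granted the remaining bits

def locked_out(acl, must_keep, wanted=READ, groups=GROUPS):
    """Accounts in must_keep that the ACL would deny; run before applying it."""
    return sorted(u for u in must_keep if not access_check(u, acl, wanted, groups))

# Deny on the single user vs. Deny on a group that nests the admins.
ACL_USER = [("allow", "Administrators", READ | WRITE), ("deny", "carol", READ)]
ACL_GROUP = [("allow", "Administrators", READ | WRITE), ("deny", "Restricted", READ)]
```

With the Deny placed on the single user, `locked_out(ACL_USER, {"alice"})` is empty; with the Deny on the nested group, the same call on `ACL_GROUP` reports the administrator as locked out.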
 
LVL 16

Expert Comment

by:Kyle Schroeder
ID: 6188752
You will also most likely need the network share to be on an NTFS partition...FAT32 won't cut it since it doesn't support all the advanced security features of NTFS.  If the partition you're working with is FAT32 currently, you can use the command line util convert, i.e.:
convert f: /fs:ntfs /v
which will convert drive F: to NTFS and verbosely (is that a word? heh) provide additional information while it's doing it.  I would also advise to unshare the folder in question while the convert runs to avoid having users trying to access it. As long as the drive doesn't have any files open and it's not your system (OS) drive (i.e. C:), you'll be able to convert it right then. Otherwise, it will convert at the next system reboot.

-d
 
LVL 16

Expert Comment

by:Kyle Schroeder
ID: 6188830
Also, the use of the "CREATOR OWNER" field would be useful...I believe that following ocon's directions above to get to the Security tab, then add your Administrators group and any other Administrative accounts (Backup Operators, etc) with Full Control access.  Also add the CREATOR OWNER account, with Modify access (depending on how much you want to lock it down, you may want to hit the Advanced button, select CREATOR OWNER, then click View/Edit to get the full array of choices, if necessary).  Remove the Everyone group and add "Authenticated Users" (assuming your users are logged into an NT domain), give them the ability to Read, but not list folder contents.  This change will allow only users who created a file in the directory to see it and/or modify it, but will show them files/directories that the specific user created.

I'm fairly certain that this will work, but I may be missing a step.  Perhaps another expert with a bit more NT file security can extend/correct it.

-d

Author Comment

by:DANLITOV
ID: 6204076
Ocon helped exactly as I requested.  He provided me with very specific steps, and did not make many assumptions about what I did or did not know with regard to this subject.  I printed his instructions out, followed them exactly, and got exactly what I needed.  Thanks!!!
 
LVL 16

Expert Comment

by:Kyle Schroeder
ID: 6204231
Well, the way I read it, the user will only be able to save files to this shared resource, and won't even be able to see their own files that they created!  Is this what you wanted?  

Just curious.

-d
 

Author Comment

by:DANLITOV
ID: 6212018
Dogztar,

Although I believe I checked this, I will check again to see if the user has not been able to access their files.

Thanks for your input.

Dan