Solved

Limit a specific user to not be able to see ANY file or work

Posted on 2001-06-12
6
128 Views
Last Modified: 2010-04-13
I have tried to do some reading on this subject, but I am failing to get this right despite numerous tries.

In W2K, if I want to limit another SPECIFIC person (not all users) to simply saving their own files, and NOT being able to VIEW other people's folders (AT ALL), or other people's work AT ALL, what EXACTLY do I do?

I have tried to make changes in the security settings of certain folders, but I end up, as an administrator shutting MYSELF(!!) out of the 'ALL users' folder and the ALLUSERS.WINNT folder.

I want this specific person to be completely blind to anything and everything other people do.  

I need SPECIFIC steps here, one by one.  I am still in the early learning phases of W2K (especially security), so do not assume I know steps that are specific to setting up users/groups etc on W2K or (WinNT).  I am otherwise a very experienced computer user.
0
Comment
Question by:DANLITOV
  • 3
  • 2
6 Comments
 
LVL 13

Accepted Solution

by:
ocon827679 earned 300 total points
ID: 6180887
In all of the resources that you don't want the user to have acess, add the user to the security properties and select "deny" for access.  Specifically,
1. Goto Windows Explorer
2. Open the path to the resource (file structure) in question.
3. Right-click on the resource.
4. Select the "Security" tab.
5. In the properties box, select Add.
6. In the Add users..., select the user in question and click Add, then click OK.
7. Back in the resource properties box, ensure the user in question is selected.
8. In the permissions area check the box under the column for Deny for the Read/Execute, List folder contents, and Read permissions.
9. If you want to apply this to all subfolders click OK.  If only this folder click the Advanced button, select the user in question and view/edit.  Select how you want to apply permissions using the "Apply onto" drop down box.
10. Click OK until you are finished.

You can do this with groups if you have more than one user.  You just need to create a new group and place the users in the group, then apply the above group in the same way you would the user.  Be careful with Deny.  It has precedence over everything.  If you place yourself in a group that is then applied as Deny, you will be denied.  This becomes easy to do once you start nesting groups.  

Good luck!
0
 
LVL 16

Expert Comment

by:Kyle Schroeder
ID: 6188752
You will also most likely need the network share to be on an NTFS partition...FAT32 won't cut it since it doesn't support all the advanced security features of NTFS.  If the partition you're working with is FAT32 currently, you can use the command line util convert (i.e.:
convert f: /fs:ntfs /v
Which will drive F: to NTFS and verbosely (is that a word? heh) provide additional information while its doing it.  I would also advise to unshare the folder in question while the convert runs to avoid having users trying to access it. As long as the drive doesn't have any files open and its not your system (OS) drive (i.e. C:), you'll be able to convert it right then. Otherwise, it will convert at the next system reboot.

-d
0
 
LVL 16

Expert Comment

by:Kyle Schroeder
ID: 6188830
Also, the use of the "CREATOR OWNER" field would be useful...I believe that following ocon's directions above to get to the Security tab, then add your Administrators group and any other Administrative accounts (Backup Operators, etc) with Full Control access.  Also add the CREATOR OWNER account, with Modify access (depending on how much you want to lock it down, you may want to hit the Advanced button, select CREATOR OWNER, then click View/Edit to get the full array of choices, if necessary).  Remove the Everyone group and add "Authenticated Users" (assuming your users are logged into an NT domain), give them the ability to Read, but not list folder contents.  This change will allow only users who created a file in the directory to see it and/or modify it, but will show them files/directories that the specific user created.

I'm fairly certain that this will work, but I may be missing a step.  Perhaps another expert with a bit more NT file security can extend/correct it.

-d
0
How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

 

Author Comment

by:DANLITOV
ID: 6204076
Ocon helped exactly as I requested.  He provided me with very specific steps, and did not make many assumptions about what I did or did not know with regard to this subject.  I printed his instructions out, followed them exactly, and got exactly what I needed.  Thanks!!!
0
 
LVL 16

Expert Comment

by:Kyle Schroeder
ID: 6204231
Well, the way I read it, the user will only be able to save files to this shared resource, and won't even be able to see their own files that they created!  Is this what you wanted?  

Just curious.

-d
0
 

Author Comment

by:DANLITOV
ID: 6212018
Dogztar,

Although I believe I checked this, I will check again to see if user has not been able access their files.

Thanks for your input.

Dan
0

Featured Post

Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

Join & Write a Comment

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Hyena v12.2 is now available for downloading and is available in English, French, German and Spanish versions.
This video discusses moving either the default database or any database to a new volume.
You have products, that come in variants and want to set different prices for them? Watch this micro tutorial that describes how to configure prices for Magento super attributes. Assigning simple products to configurable: We assigned simple products…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now