Solved

setting folder permission in win2000

Posted on 2004-08-04
7
156 Views
Last Modified: 2013-12-04
i want my users not to create  or delete files in my c: drive so i gave them read permissions, now the problem comes while running the installed programs such as TC. while running TC it gives error "not able to initialise or write to C:\Documents and Settings\username\Local Settings\temp..."

how do i give permissions so that i can avoid users to change system file or create file & folders in c: drive, also my users should not face problems in running the installed programs like TC or MSOFFICE or Visual studio.
0
Comment
Question by:akhonnet
  • 2
7 Comments
 
LVL 1

Expert Comment

by:kkpehlers
ID: 11732977
Question Do users have full access to your c: drive or specific folders or are many users using the same machine? Do you all use the same user account? It looks like you took away the permissions you need to run the apps.
Check out this url http://www.microsoft.com/resources/documentation/Windows/XP/all/reskit/en-us/Default.asp?url=/resources/documentation/Windows/XP/all/reskit/en-us/prkc_fil_vtmz.asp to see the advanced permissions you can set for users. Also the  C:\Documents and Settings\username folder should have had specific permissions for your user account and administrators only.
0
 
LVL 14

Expert Comment

by:dlwyatt82
ID: 11738471
Users need to have write permissions to their own profile directories at the very least: You should check out the permissions on each of the profile foldders in "c:\documents and settings".

When you say you don't want users creating files in c:\, do you mean in the entire drive? Or just in the root directory? If you only want to prevent them from creating files in the c:\ root, set Permissions as follows:

Grant Everyone Read and Execute permissions to C:\ in the Security Tab of C:\ properties.

Click Advanced
Click Add, select Everyone
In the box which gives you the options to select permissions, select "Subfolders Only" from the "Apply To:" drop-down box.
Check all permissions boxes for Allow (Full Control).

That will prevent users from creating any files or folders directly in c:\, but still allow them to write to the rest of the directory tree.
0
 

Author Comment

by:akhonnet
ID: 11742117
yes i've full access to the c: drive. i've multiple domain users using the same system, if i give the users permission to write inside the system folders them they may play with the system files, and without giving them the access, the users are not able run applications like officeXP, also users using visual studio can't add components to the applications, and for that i've to give them power user rights or admin rights.
0
 
LVL 14

Accepted Solution

by:
dlwyatt82 earned 125 total points
ID: 11742821
I see. You are on the right track then, giving "Read and Execute" permissions at the C:\ root. However, you need to make sure that each user has full control permissions to their own profile directory, and also to the Temp directory if it is located outside the user's profile folder.
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The term "Bad USB" is a buzz word that is usually used when talking about attacks on computer systems that involve USB devices. In this article, I will show what possibilities modern windows systems (win8.x and win10) offer to fight these attacks wi…
No security measures warrant 100% as a "silver bullet". The truth is we also cannot assume anything but a defensive and vigilance posture. Adopt no trust by default and reveal in assumption. Only assume anonymity or invisibility in the reverse. Safe…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…

791 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question