program access control

Posted on 2005-05-10
Last Modified: 2010-04-14

how can i control some users access to some programs in windows 2000 server?

thank you.
Question by:shashank3
    LVL 15

    Accepted Solution

    Hi shashank3,
    The simplest way is with by setting appropriate group permissions on the files/directories concerned.

    For example, say you wanted to control who could run "notepad.exe" that is on the server.
    In Active Directory Users and Computers, create a Security group of "People who can run Notepad".
    Put the relevant users in that group.

    Find the "notepad.exe" file, right-click on it and choose properties.
    Go to the security tab, and you'll see all the people who have permission to run it.

    Remove all the standard users/groups (such as "Domain Users"), and add your new "People who can run Notepad" group in.  Give them read permissions, as you don't want them modifying the file.
    Make sure that you leave your Admin account(s) (such as Domain Admins) in with full control.

    Note that you can do the same thing with an entire directory that a program is installed in.

    Does that help?
    LVL 2

    Author Comment

    Sounds good. but there is another thing i forgot to mention.

    i am going to install couple of programs and not everybody will have access to it. also other user should not know that such software are bought and installed.

    thank you again.
    LVL 15

    Expert Comment

    You'd just need to repeat the same logic as above, for however many programs you want to control.  If you create a new group for each one, you can then control who can access which application.

    As for who can see that it's installed, how you'd do that will depend on how your systems are set up.
    I was assuming that you've got a file share, and people run the program(s) from there.  In those cases, the users would not be able to get access to the relevant directory.  You can make sure that you only set up the shortcuts on the desktops of the people who need to use it.

    Alternatively, if users are logging into the server using Remote Desktop/Terminal Services, you'll need to lock down your Program Files folder to that users can't browse it.  Once again, you'll have to set up shortcuts for the relevant users.

    As for knowing that the software has been bought or not, that's not a technical issue - that's what you tell people.


    Featured Post

    6 Surprising Benefits of Threat Intelligence

    All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

    Join & Write a Comment

    NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
    Great sound, comfort and fit, excellent build quality, versatility, compatibility. These are just some of the many reasons for choosing a headset from Sennheiser.
    Hi everyone! This is Experts Exchange customer support.  This quick video will show you how to change your primary email address.  If you have any questions, then please Write a Comment below!
    In this sixth video of the Xpdf series, we discuss and demonstrate the PDFtoPNG utility, which converts a multi-page PDF file to separate color, grayscale, or monochrome PNG files, creating one PNG file for each page in the PDF. It does this via a c…

    729 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    19 Experts available now in Live!

    Get 1:1 Help Now