Learn how to a build a cloud-first strategyRegister Now

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 153
  • Last Modified:

program access control


how can i control some users access to some programs in windows 2000 server?

thank you.
  • 2
1 Solution
Hi shashank3,
The simplest way is with by setting appropriate group permissions on the files/directories concerned.

For example, say you wanted to control who could run "notepad.exe" that is on the server.
In Active Directory Users and Computers, create a Security group of "People who can run Notepad".
Put the relevant users in that group.

Find the "notepad.exe" file, right-click on it and choose properties.
Go to the security tab, and you'll see all the people who have permission to run it.

Remove all the standard users/groups (such as "Domain Users"), and add your new "People who can run Notepad" group in.  Give them read permissions, as you don't want them modifying the file.
Make sure that you leave your Admin account(s) (such as Domain Admins) in with full control.

Note that you can do the same thing with an entire directory that a program is installed in.

Does that help?
shashank3Author Commented:
Sounds good. but there is another thing i forgot to mention.

i am going to install couple of programs and not everybody will have access to it. also other user should not know that such software are bought and installed.

thank you again.
You'd just need to repeat the same logic as above, for however many programs you want to control.  If you create a new group for each one, you can then control who can access which application.

As for who can see that it's installed, how you'd do that will depend on how your systems are set up.
I was assuming that you've got a file share, and people run the program(s) from there.  In those cases, the users would not be able to get access to the relevant directory.  You can make sure that you only set up the shortcuts on the desktops of the people who need to use it.

Alternatively, if users are logging into the server using Remote Desktop/Terminal Services, you'll need to lock down your Program Files folder to that users can't browse it.  Once again, you'll have to set up shortcuts for the relevant users.

As for knowing that the software has been bought or not, that's not a technical issue - that's what you tell people.


Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now