We help IT Professionals succeed at work.

Setting Permissions On A Folder

synergiq asked
Last Modified: 2013-11-05
We have a SBS2003 network. We need a way for users to not be able to access or see the C:\Documents & Settings folder on the Windows XP Pro machines in the network. I would assume this can be done through a script or GPO. I am sure that we cant just deny access to all groups apart from administrator, because then there profile would not get cached locally?
Watch Question

Top Expert 2008

By default they cant ?
Are you saying that when users browse the network they can see each other Documents & Settings in the Network Places ??
Can u provide more details ?


Yes, if they broswe network places they can see everyone's documents and settings. This is a case of users playing around with things they dont need to and the MD has found this probelm.
Top Expert 2008

hm...is the root folder I.e. C:\ shared ?
tigermattSite Reliability Engineer
Most Valuable Expert 2011

The local Docs&Settings folder on XP workstations can be viewed by everyone, but the cached profiles within the folder are only accessible by the user they belong to, the local administrators group and the system. Also the users aren't able to move or delete the profiles.

You would have to have a look at the cacls function in a Batch file to accomplish this with a logon script, but make sure it's on a test system just in case something gets broken.

Very simple you can hide Documents and Settings and if you don't want users to access this folder
set permissions if FS is NTFS.
Good luck.


So would you be able to explain this further, all users are local admins for legacy software to run.

Can you tell me what you don't want users to see in C:\Documents & Settings ?
There is nothing port in order to hide...

I'm administrating over 40 workstation & all users work under Restricted User Gorup,
I gave needed permission to Folders/Files and to registry so all programs run well.
A user doesn't have to be in Administrator Group in order to work without problems with a specific Program.

You can try this but I don't know if it will solve your problem:

in Folder Option set "Do not show Hidden Folders and Files"
and then with Group Policy (gpedit.msc) Enable "Removes the Folder Option menu item from theTools menu" from User Configuration>Administrative Templates>Windows Explorer

I did so and nobody can see hidden files !

I'll be back Monday and maybe I'll give another solution if this will not work.


That worked, however only on the local computer. How can i apply this group policy to all users on the domain. At the moment i just keep hiding the folder options on the server!

To set a folder as hiden by command / script, this can be ran

attrib +h "C:\Documents and Settings" /D /S
This one is on us!
(Get your first solution completely free - no credit card required)


EugenX, thats still the local computer, i have 50 clients and dont want to go on each desktop. That is why if possible would like to implement this through group policy / scripts

Then you need a Remote Control Software.
I advice "DameWare NT Utilites".
Unlock the solution to this question.
Join our community and discover your potential

Experts Exchange is the only place where you can interact directly with leading experts in the technology field. Become a member today and access the collective knowledge of thousands of technology experts.

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.


Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.