Setting Permissions On A Folder
We have a SBS2003 network. We need a way for users to not be able to access or see the C:\Documents & Settings folder on the Windows XP Pro machines in the network. I would assume this can be done through a script or GPO. I am sure that we cant just deny access to all groups apart from administrator, because then there profile would not get cached locally?
ASKER
Yes, if they broswe network places they can see everyone's documents and settings. This is a case of users playing around with things they dont need to and the MD has found this probelm.
hm...is the root folder I.e. C:\ shared ?
The local Docs&Settings folder on XP workstations can be viewed by everyone, but the cached profiles within the folder are only accessible by the user they belong to, the local administrators group and the system. Also the users aren't able to move or delete the profiles.
You would have to have a look at the cacls function in a Batch file to accomplish this with a logon script, but make sure it's on a test system just in case something gets broken.
You would have to have a look at the cacls function in a Batch file to accomplish this with a logon script, but make sure it's on a test system just in case something gets broken.
Very simple you can hide Documents and Settings and if you don't want users to access this folder
set permissions if FS is NTFS.
Good luck.
set permissions if FS is NTFS.
Good luck.
ASKER
So would you be able to explain this further, all users are local admins for legacy software to run.
Can you tell me what you don't want users to see in C:\Documents & Settings ?
There is nothing port in order to hide...
I'm administrating over 40 workstation & all users work under Restricted User Gorup,
I gave needed permission to Folders/Files and to registry so all programs run well.
A user doesn't have to be in Administrator Group in order to work without problems with a specific Program.
You can try this but I don't know if it will solve your problem:
in Folder Option set "Do not show Hidden Folders and Files"
and then with Group Policy (gpedit.msc) Enable "Removes the Folder Option menu item from theTools menu" from User Configuration>Administrati
I did so and nobody can see hidden files !
I'll be back Monday and maybe I'll give another solution if this will not work.
Cheers.
There is nothing port in order to hide...
I'm administrating over 40 workstation & all users work under Restricted User Gorup,
I gave needed permission to Folders/Files and to registry so all programs run well.
A user doesn't have to be in Administrator Group in order to work without problems with a specific Program.
You can try this but I don't know if it will solve your problem:
in Folder Option set "Do not show Hidden Folders and Files"
and then with Group Policy (gpedit.msc) Enable "Removes the Folder Option menu item from theTools menu" from User Configuration>Administrati
I did so and nobody can see hidden files !
I'll be back Monday and maybe I'll give another solution if this will not work.
Cheers.
ASKER
That worked, however only on the local computer. How can i apply this group policy to all users on the domain. At the moment i just keep hiding the folder options on the server!
To set a folder as hiden by command / script, this can be ran
attrib +h "C:\Documents and Settings" /D /S
To set a folder as hiden by command / script, this can be ran
attrib +h "C:\Documents and Settings" /D /S
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
EugenX, thats still the local computer, i have 50 clients and dont want to go on each desktop. That is why if possible would like to implement this through group policy / scripts
Then you need a Remote Control Software.
I advice "DameWare NT Utilites".
I advice "DameWare NT Utilites".
Are you saying that when users browse the network they can see each other Documents & Settings in the Network Places ??
Can u provide more details ?