Posted on 2008-06-10
Last Modified: 2008-08-26

I have WIN XP SP2.

I have created 4 accounts on the PC. One is administrator, one is super user with admin rights
and two are limited user.

I want to give full rights on one particular folder to one user but not to the other user.
However under Share  & Security options, the authorisations are given to everyone. That means
all users can access the Fluidyn folder.

However, I want only user1, admin & super user to access the Fluidyn folder and not user2.

How do I change authorisations.

Thanks for a quick answer

Question by:fluidyn
  • 2
  • 2
LVL 32

Accepted Solution

r-k earned 250 total points
ID: 21752250
Go to Properties -> Security for that folder.

Click on "Add" and type in the username you don't want having acvcess to that folder (i.e. user2)

Click on OK

Next, click highlight "user2" in the "Group or User names" sub-window, then click on the checkbox for "Full Control" -> Deny. It should automaticaly check all the other Deny boxes.

Click on OK

After this all users should have access to that folder, but user2 should not.

Expert Comment

ID: 21756738
XP Pro or Home?

Author Comment

ID: 21828948

I have win xp pro. actually I want to give access to only user1 & deny access to everyone else
execept user1 & administrator

I am not able to define the access rights

LVL 32

Expert Comment

ID: 21831871
"I am not able to define the access rights"

Can you explain in more detail? What exactly happens when you try to change permissions in the Security dialog?

Assisted Solution

DaMaestro earned 250 total points
ID: 21833558
I would advise against using the deny permission and instead just change the group permission. I would create a  group such as "SEC-FolderName", adding access for that group, and then add the users you want to that group. Then remove any guests or other groups from the security of that folder (except administrators and system). If you want to use deny, only use it on individual non privleged user accounts. Use the computer management snapin from administrative tools on the start menu and go to users and groups to create groups and add group members.

Regarding not being able to change permissions, it sounds like one of two issues.

1) The system may not be on a domain and it is using simple file sharing. Follow the steps at <> or <> to turn off simple file sharing.

2) The folder is not on a drive formatted with the NTFS file system. Right click the drive in windows explorer. On the first tab verify file system is NTFS. If it is not, consider performing the converstion process if no other operating systems (such as Win98, Win95) need to be supported. Follow the steps at <> if you need to convert to NTFS.

If none of the above is applicable use calcs.exe to change the permissions.  Type calcs /? for more information about the command.
In this example I edit the existing ACL on the Test1 (aka .) folder and add grant (/g) full access permission for BUILTIN\Users, which was previously read only. 

D:\DropBox\Test1>cacls .

D:\DropBox\Test1 BUILTIN\Administrators:F


                 NT AUTHORITY\SYSTEM:F

                 NT AUTHORITY\SYSTEM:(OI)(CI)(IO)F

                 NT AUTHORITY\Authenticated Users:C

                 NT AUTHORITY\Authenticated Users:(OI)(CI)(IO)C


D:\DropBox\Test1>cacls . /E /T /G "BUILTIN\Users":F

processed dir: D:\DropBox\Test1

D:\DropBox\Test1>cacls .

D:\DropBox\Test1 BUILTIN\Administrators:F


                 NT AUTHORITY\SYSTEM:F

                 NT AUTHORITY\SYSTEM:(OI)(CI)(IO)F

                 NT AUTHORITY\Authenticated Users:C

                 NT AUTHORITY\Authenticated Users:(OI)(CI)(IO)C


Open in new window


Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
TMG Migration to F5 1 2,532
TMG 2010 ISP Redudancy 29 967
Managing ForeFront Endpoint with SCCM2012 4 1,171
ISA 2006 RRAS and mirgrating to Server 2012 R2 3 28
In all versions of ISA Server and the current version of FTMG, the default https protocol uses TCP port 443 and 563 only. This cannot be changed within the ISA or FTMG GUI and must be completed from a Windows cmd prompt on the ISA Server itself. …
There are several problems reported according slow link speeds or poor performance in TMG 2010, UAG 2010 or ISA 2006. I want to collect here some of the common issues together to give a brief overview what can be the reason. Nevertheless, not all of…
You have products, that come in variants and want to set different prices for them? Watch this micro tutorial that describes how to configure prices for Magento super attributes. Assigning simple products to configurable: We assigned simple products…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

948 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now