Grant access to Open Files via Computer Management Console
Windows 2003 Server Standard R2.
I have some users which are not Domain or local Admin.
I need them to be able to view the "Open Files" of a File and Print server via a remote session of the Computer Management console.
Currently when they connect and click on the Open Files icon they get Access Denied error messages.
Please can someone tell me how I can delegate admin of the Open Files function for either View Only or Full control.
I have some users which are not Domain or local Admin.
I need them to be able to view the "Open Files" of a File and Print server via a remote session of the Computer Management console.
Currently when they connect and click on the Open Files icon they get Access Denied error messages.
Please can someone tell me how I can delegate admin of the Open Files function for either View Only or Full control.
Ehab Salem
How do you open a file from computer Management?
ASKER
What?
I shall ignore that and wait for someone with some more experience to help.
Thanks anyway
I shall ignore that and wait for someone with some more experience to help.
Thanks anyway
It sounds like you have enough computer savy to set up NTFS and Sharing permissions. So, unless you need help with that, I going to see if I can point you in another direction as to what your problem may be.
Internet explorer enhanced security will not allow folks, even domain administrators, to open files from remote sites, including intranet nodes, if they are OS intrusive files. OS intrusive is defined as (.REG, .EXE, .MSI, .BAT, and some database files). This may sound odd. As a test, go into internet explorer>>tools>>internet options>> security>>sites and put the UNC path in as a trusted site.
My point is, you may have permissions straight, but something is blocking you from accessing these files. I think that's were ehabsalem was going with this.
Internet explorer enhanced security will not allow folks, even domain administrators, to open files from remote sites, including intranet nodes, if they are OS intrusive files. OS intrusive is defined as (.REG, .EXE, .MSI, .BAT, and some database files). This may sound odd. As a test, go into internet explorer>>tools>>internet options>> security>>sites and put the UNC path in as a trusted site.
My point is, you may have permissions straight, but something is blocking you from accessing these files. I think that's were ehabsalem was going with this.
ASKER
I dont think we are talking about the same thing here.
I am domain admin. I go into Computer Management console and I can list Open Files in the Open Files section of the console either local or remote.
I have other users who have no form of Admin trying to do the same to the same servers local and remote and they get Access Denied errors.
The issue must be to do with rights for those users on the servers. I need someone to tell me how I can give these guys the required rights to use the "Open Files" section of the Computer Management Console without giving them Admin rights.
I am domain admin. I go into Computer Management console and I can list Open Files in the Open Files section of the console either local or remote.
I have other users who have no form of Admin trying to do the same to the same servers local and remote and they get Access Denied errors.
The issue must be to do with rights for those users on the servers. I need someone to tell me how I can give these guys the required rights to use the "Open Files" section of the Computer Management Console without giving them Admin rights.
So you want people to only see which files are open, you do not want to open those files?
ASKER
Yes....
Can I suggest you and take a look on local machine.
Go to Computer Maangement\Shared Folders\Open Files
Here you can disconnect users and do some other stuff.
My users get the Access Denied message when trying to access this icon.
Can I suggest you and take a look on local machine.
Go to Computer Maangement\Shared Folders\Open Files
Here you can disconnect users and do some other stuff.
My users get the Access Denied message when trying to access this icon.
Computer management is a GUI shell to see the shares and view the permissions of the share. It's not really designed to view the files within the shares. Computer management was meant as a means to provide the administrators a centralized location to manage typical functions on a machine, (like defrag and disk utilities and file share permissions). Computer Management is also used to work with the managed computers snapin in MMC console for 2003 server.
Bottom line is, the local Computer Management "snapin" is not really made to do what you what you wish.
If you want a GUI shell to see an interact with file shares, use Network Neighborhood.
Bottom line is, the local Computer Management "snapin" is not really made to do what you what you wish.
If you want a GUI shell to see an interact with file shares, use Network Neighborhood.
ASKER
You obviously don't understand what I am trying to do.
I want certain users who are not Admin to go into the comsole and view the Open Files.
I want them to be to see who has what files open etc.
I want certain users who are not Admin to go into the comsole and view the Open Files.
I want them to be to see who has what files open etc.
ASKER
Let me try and explain this again.....
I DO NOT want my nominated users to VIEW files within a share using Comp Management Console.
I want then to view the "Open Files" on a server.
I am getting rather frustrated here. How clearer can I make this?
My original question describes exactl what I am trying to do very clearly. Suggest you read it again please.
I DO NOT want my nominated users to VIEW files within a share using Comp Management Console.
I want then to view the "Open Files" on a server.
I am getting rather frustrated here. How clearer can I make this?
My original question describes exactl what I am trying to do very clearly. Suggest you read it again please.
ASKER
.....typo......
I DO NOT want my nominated users to VIEW files within a share using Comp Management Console.
I want then to view the "Open Files" on a server.
Should Read...
I DO NOT want my nominated users to USE files within a share using Comp Management Console.
I want then to VIEW the "Open Files" on a server.
I DO NOT want my nominated users to VIEW files within a share using Comp Management Console.
I want then to view the "Open Files" on a server.
Should Read...
I DO NOT want my nominated users to USE files within a share using Comp Management Console.
I want then to VIEW the "Open Files" on a server.
I haven't located anything to do what you want except MAYBE allow them access to an mmc console with the computer management system as the only assigned snapin for the server.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
naifyboy123 - I am also wanting to allow certain users to read the open files on a server and also allow them to close them for application maintanence but not give them any other access to the server. This would be very helpful for our helpdesk staff. Did you ever find a solution?
ASKER
no i didnt find an answer unfortunately and whilst i am here, it seems EE does not appear to be as useful as it was a few years ago. many answers get ignored, just refer you to url and pdfs etc, but mostly the lack of reposnse to questions is the concern.
I'm looking for the same solution. You have to be an administrator or power user on the server you are trying to view the open files from in order for it to work is what i've found. power user is not a good solution since that would still allow users to restart services and that is not what we want.
i think the next best solution is to find another application that will do the same function. Or do some workaround like schedule a task to run a bat file "net files" and export that to a text file on an open share every 10 minutes so the users can read the text file. That is a clunky workaround, i know.
i think the next best solution is to find another application that will do the same function. Or do some workaround like schedule a task to run a bat file "net files" and export that to a text file on an open share every 10 minutes so the users can read the text file. That is a clunky workaround, i know.