how to set permissions for a single file

Posted on 2009-04-28
Last Modified: 2013-12-04
Hello everyone,

Here's the environment:
Windows XP .
Pc is in a workgroup NOT a domain.

Folder structure:
Program Files\RaysFolder\Bin\Fix.exe
Rights are inherited from the Program Files folder.

My experience in such things:
VERY limited.

What I want to do:
Prevent members of the "Users" group from executing Fix.exe.  (See above)
But, I want to allow members of the Administrators group to execute it.

It seems that when I deny the Users group Read and Execute permissions, the Administrator is also affected.
That really confuses me.

Can I ask for some advice as to how I might allow Administrators to execute this file while denying Users the same privilege ?

Thanks in advance.
    LVL 7

    Accepted Solution

    Permissions are controlled by the "rule of least privledge". Whatever group a user belongs to that has the least privledge controls that users acces. Since Users includes everyone then everyone has the 'deny' priveledge. Deny always overrides any other privledge. Try to create a new user group with a new name and put all users in it except administrators then set their permission to 'deny'. To create a new group - Control Panel << Administrative Tools << Computer Management << Local Users and Groups << Groups << [right click] add group. Also be sure to uncheck the inherited permissions box. Think about how you want to manage your users before you start. This can get to be a thorny problem if done badly.
    LVL 1

    Author Closing Comment

    by:Accidental Hyper-V Administrator
    Perfect.  EXACTLY what I needed.
    It's one thing to be knowledgeable in an area (and you certainly are), but it a real bonus, when you find someone who also has the ability to explain what they know, in easy to understand terms.
    Thanks a million.
    Your the greatest.

    Featured Post

    Top 6 Sources for Identifying Threat Actor TTPs

    Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

    Join & Write a Comment

    Suggested Solutions

    Many people tend to confuse the function of a virus with the one of adware, this misunderstanding of the basic of what each software is and how it operates causes users and organizations to take the wrong security measures that would protect them ag…
    The term "Bad USB" is a buzz word that is usually used when talking about attacks on computer systems that involve USB devices. In this article, I will show what possibilities modern windows systems (win8.x and win10) offer to fight these attacks wi…
    Internet Business Fax to Email Made Easy - With eFax Corporate (, you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
    Here's a very brief overview of the methods PRTG Network Monitor ( offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

    746 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    19 Experts available now in Live!

    Get 1:1 Help Now