Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Is this explicit permission possible?

Posted on 2015-02-18
2
Medium Priority
?
90 Views
Last Modified: 2015-02-18
Hello all,

My company has 7 citrix servers. We have users that get corrupted profiles because of a sync issue.
To fix this we would need to log on to the servers and remove the profile or rename the profile to ***.old.

Problem is only the Sys Admin and Jr Sys Admin have access to the servers. Help desk are the ones that are getting the call. The server requires a login. The Sys Admin and Jr Sys Admin all have domain accounts that can log into any server. We don't want to give Help Desk that access. I know that I will need to setup a local account.

My company is on board with a LEAN process. I was wondering if it was possible to give HelpDesk users access to the server's C Drive.

Can I give access to them to the C Drive\Users Folder and not access to remote into the server? [Example have them type the path to the C Drive (\\cserver01\c$\users). I know it will prompt them for a login and I can make a HelpDesk login.]

Is it possible to allow them access to just the Users folder? [Only allow them to stay in the user folder and no where else]

Is it also possible to reject their login if they try to remote into the server?

I know it may not be possible but just thought I'd ask to see if anyone has come across something like this.


Thanks!
0
Comment
Question by:xouvang
2 Comments
 
LVL 13

Accepted Solution

by:
Norm Dickinson earned 2000 total points
ID: 40617574
You should be able to create a new share on that folder and explicitly allow access to a particular group, then assign the help desk to that group.
0
 

Author Comment

by:xouvang
ID: 40617712
Thanks! That's what I did and it's doing what I want it to do
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
I was prompted to write this article after the recent World-Wide Ransomware outbreak. For years now, System Administrators around the world have used the excuse of "Waiting a Bit" before applying Security Patch Updates. This type of reasoning to me …
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

886 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question