General discussion

Locked

Protection agaist the EveryOne group

By raednashat ·
Dear all.


I have many questions in mind regarding Windows 2000 but for now I well
just limit them to one question which goes as follows :


I found that after installing a fresh copy of MS-Windows 2000 Professional the security settings on the drives and their folders , sub folders & files are as follows :

Administrators : Full Control
Everyone : Full Control

Now I need to protect my hard drive and its logical drives and folders/files from this Everybody group while at the same time allow local and domain users to log on locally to this machine and perform some basic operations.

I need a non-administrator user to have the following rights :

1. Log on locally ( local & Domain users )
2. Have full access to the c:\documents &
settings\username folder .
3. Creating a home folder ( locally or on
any server ) with full access.
4. Prevent them from writing/deleting any
thing else on my drive .
5. Prevent them from installing any program .
6. Browing the Web.

Many Thanks in advance for your help .

Raed Al-Jarrah

Network Administrator
Al-Hussein Bin Talal University
Jordan

This conversation is currently closed to new comments.

5 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

Protection agaist the EveryOne group

by curlergirl In reply to Protection agaist the Eve ...

FIRST REMEMBER that folder and file level permissions are only available if you are using the NTFS file system. If the drive is formatted with FAT or FAT32, you do not have the granular level of control for access to files and folders that you have with NTFS.
Given that, here's how to do it:
1. Remove the Everyone Group from the Security tab for the drive(s). Add the Everyone Group back to the Documents and Settings folder with Read, List Contents and Read & Execute permissions. These are required for the user to be able to log on and for the system to create the local user profile folders.
2. To give any domain user groups or individual domain users permission to use the PC, add them to the local Users or Power Users group (depending upon what level of access you want them to have). "Users" can log on locally but cannot do things like set up printers or add peripherals or install programs, while "Power Users" can set up printers and peripherals but can't install programs.
3. Give the local Users or Power Users group appropriate permissions to the other local folders you want them to use.
4. Browsing would depend on their permission to run IE and any proxy server or other domain-level permissions they have.

Hope this helps!

Collapse -

Protection agaist the EveryOne group

by raednashat In reply to Protection agaist the Eve ...

The question was auto-closed by TechRepublic

Collapse -

Protection agaist the EveryOne group

by bturnham In reply to Protection agaist the Eve ...

remove the everyone group and create and create a new group called the users group ad all appropriate users to this group and grant this group the neccesary permissions use NTFS permissions as opposed to share level permissions. Hope that helps

Collapse -

Protection agaist the EveryOne group

by raednashat In reply to Protection agaist the Eve ...

The question was auto-closed by TechRepublic

Collapse -

Protection agaist the EveryOne group

by raednashat In reply to Protection agaist the Eve ...

This question was auto closed due to inactivity

Back to Windows Forum
5 total posts (Page 1 of 1)  

Related Forums