|
Posted by Steven L Umbach on August 12, 2005, 12:28 am
If you were Registered and logged in, you could reply and use other advanced thread options
The local administrators group should only be used for those that need
administrator access to the server. The users group is that group that new
users are added to by default and it has fairly restricted access while
allowing a user to be functional though a user by default has full control
of their user profile under documents and settings. If you have special
needs then create your own local group and configure ntfs permissions
exactly as you want for that group, add users to the group, and remove users
group permissions from the folders that you want to control access to OR
change the ntfs permissions of the users group and user account [where used]
to be what you need. The system folders already have restricted access and
normally should not be changed without thorough testing first. When
checking/changing ntfs permissions always be sure to check the advanced
permissions page as a group may have different permissions for the child
folders than the parent folder such as for the drive/root folder.
Group Policy can also be configured to restrict what a user can do on a
computer though for a non domain computer by default ALL users on the
computer will have local Group Policy [gpedit.msc] settings applied to them.
Local Security Policy [secpol.msc] can be used to modify user rights such as
shutdown the computer. For XP Pro and Windows 2003 Software Restriction
Policies can also be used to restrict what applications a user can install
and run. --- Steve
http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/rstrplcy.mspx
--- Software Restriction Policies
>I can not believe this is so difficult to setup. Isn't there a way to give
>a
> group of users limited access to a server? In other words, I want to give
> a
> groups of users the ability to login to a server and see everything, but
> not
> the right to change anything. Simply read access. I'm amzed that there
> isn't
> already a group that just gives users read access to a server. There are
> so
> many useless groups on a Windows server. 90% of the time the Local
> Administrators group is the only one used because all the other groups are
> useless.
> --
> Regards,
> Bryan Fairchild
> -----------------
> NeotericIT.com
> Of recent origin; modern. The development, installation, and
> implementation
> of computer systems and applications.
| 
XML site map