Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Help! All users get admin right

Status
Not open for further replies.
rtcwong

rtcwong

Programmer
Nov 22, 2001
10
HK
Dear all,
I am using NT4 terminal server, MF 1.8.
I discover that all citrix client users have admin right
on my citrix server.When they use any application on citrix server though client. When they open file by file-> open
then a explorer appear for select file. Then if he select any folder and press DELETE, then the whole system....
is it the setting problem? please help.

thanks.
 
Sort by date Sort by votes
Well, by default the EVERYONE group has Full Control to almost all of the folders except for
WTSRV (and everything under it)

They actually have Change Control (which allows them to delete) under the System Drive and then they have Full Control for all other Drives. So if C: is your system drive and then you have D: and E:, the EVERYONE group would have CHANGE on C: and Full Control on D: and E:

Oh yeah, I forgot to mention. If your not using NTFS, forget about any control... Everyone can delete anything once they logon. Including files and folder in WTSRV. Dave Namou, MCSE CCEA
 
Upvote 0 Downvote
Dear Namou,

I am using NT terminal server with NTFS. Could I control user's right? (to avoid user could delete/create/change the file from file exploer etc)

Thanks.
 
Upvote 0 Downvote
Yes you can.. right mouseclick on a folder > properties > select the tab "security" > button: "Permissions" > here you see the rights. I think "Everyone" has full controll.

gr,
Danny
 
Upvote 0 Downvote
Dear Danny,

I have check the security already, but only admin is full control. You may try use word etc though citrix and then choose file->open->and a file browser would open. Then you could delete/create everthihg you want here. If you create a file and then check the owner, you would see it is created by admin. This mean everthing could have full control if you could open a file browser. (actually, you could shadow the whole server by right click mouse and select shadow...such a big security problem.
p.s. already tried for citrix and NT WTS.
 
Upvote 0 Downvote
hmm strange.. is there a way to get me into your server to see for myself? we could look together...

mail me:
dschuller@maasoevers.nl
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

SBTBILL
  • Locked
  • Question
How to get to files
Replies
1
Views
122
Provogeek
Provogeek
SpenceWaller
  • Locked
  • Question
Citrix CSG - Allow users to change password
Replies
0
Views
78
SpenceWaller
SpenceWaller
treedstang
  • Locked
  • Question
SAMBA4 DOMAIN NOT SEEING IMPORTED USERS OR GROUPS FROM SAMBA3 DOMAIN
Replies
0
Views
88
treedstang
treedstang
Breezeman
  • Locked
  • Question
Stop users from saving to their user directory on C: of application servers
Replies
3
Views
127
JayIT
JayIT
tendim
  • Locked
  • Question
Discussion about greenfield deployment, any help appreciated!
Replies
0
Views
74
tendim
tendim

Part and Inventory Search

Sponsor

Back
Top