Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
How do I set 'Limited" user for full access to certain folder?
- Thread starter geagle
- Start date
- Thread starter
- #2
If you are granting the user full access from the root onwards of a drive, what purpose is there in making them a "limited user"?
Likely the only thing you are denying them is the ability to write to the registry.
Most software installations will require this.
Under Windows the option exists for the user to logon as either the Domain (or Netware) user, with Full policies applied, or as a local console user.
Make them local Administrators, if they need to install/ mess around, let them do that as a local console logon as Administrator. As a Netware or Windows Server Domain user, restrict their rights as you see fit.
This is the most common way of handling laptop/notebook users who need to go between Home and Office settings. Let them do what they want as a local console logon, (under Netware, they click the little box to act as a Workstation), but your Netware and/or Domain is fine no matter what they do.
Likely the only thing you are denying them is the ability to write to the registry.
Most software installations will require this.
Under Windows the option exists for the user to logon as either the Domain (or Netware) user, with Full policies applied, or as a local console user.
Make them local Administrators, if they need to install/ mess around, let them do that as a local console logon as Administrator. As a Netware or Windows Server Domain user, restrict their rights as you see fit.
This is the most common way of handling laptop/notebook users who need to go between Home and Office settings. Let them do what they want as a local console logon, (under Netware, they click the little box to act as a Workstation), but your Netware and/or Domain is fine no matter what they do.
- Thread starter
- #4
I made a typo mistake in the original message. It should say
"full access rights to a directory ON the root of c:\" not "directory OF the root of C:
Just full rights to only one program folder on the C:\drive. Not all of C: and onwards. That's my problem. Just one folder. Limited user rights apply elsewhere.
"full access rights to a directory ON the root of c:\" not "directory OF the root of C:
Just full rights to only one program folder on the C:\drive. Not all of C: and onwards. That's my problem. Just one folder. Limited user rights apply elsewhere.
I am puzzled.
If you give full access to c:that is the root of the drive.
There are no previous permission levels.
For any folder, the NTFS permission would allow, for a fully defined user, the setting of 14 different permission levels in combination.
If in a workgroup setting, you need to add the local username/password to allow their entry as NTFS permissions on a local drive. In a Domain setting you can register the machine Account, and both local and Domain Groups, or users, and accomplish the same task.
If you give full access to c:that is the root of the drive.
There are no previous permission levels.
For any folder, the NTFS permission would allow, for a fully defined user, the setting of 14 different permission levels in combination.
If in a workgroup setting, you need to add the local username/password to allow their entry as NTFS permissions on a local drive. In a Domain setting you can register the machine Account, and both local and Domain Groups, or users, and accomplish the same task.
- Thread starter
- #6
bcastner:
Boy, I've read some of your FAQ's and you sound real nice and willing to help, but I've seen some of your postings and you can be real condescending.
I know all about C: being the root of the drive. I've been at this for 23 years. Sorry, I 'puzzled' you.
There's lots I don't know and am not ashamed to admit it. Just don't talk down to me.
Now, it appears that what I'm after is your comment as follows:
<If in a workgroup setting, you need to add the local <username/password to allow their entry as NTFS <permissions on a local drive.
Can you be more specific in how I would do this?
Thank you for any helpful help you can provide.
Boy, I've read some of your FAQ's and you sound real nice and willing to help, but I've seen some of your postings and you can be real condescending.
I know all about C: being the root of the drive. I've been at this for 23 years. Sorry, I 'puzzled' you.
There's lots I don't know and am not ashamed to admit it. Just don't talk down to me.
Now, it appears that what I'm after is your comment as follows:
<If in a workgroup setting, you need to add the local <username/password to allow their entry as NTFS <permissions on a local drive.
Can you be more specific in how I would do this?
Thank you for any helpful help you can provide.
Quote:
"bcastner:
Boy, I've read some of your FAQ's and you sound real nice and willing to help, but I've seen some of your postings and you can be real condescending."
Tone and intention are difficult things to show in a post or e-mail. I have no reason to be, nor intend to be, condescending in these Forums. Until now, I thought I had done a fairly decent job of it.
In any case, my posts above were to remind you that you had three levels of security available:
. Share level Security. You can control by user who can and cannot access any share;
. NTFS permissions; in which you can richly combine what is allowed or denied on 14 permission principles to any user;
. Netware security, which on Netware volumes provides an even richer combination of #1 and #2 above.
If you are combining a Microsoft Workgroup Model with a Netware Server, and not using any form of Directory Services for either, you follow the Microsoft Workgroup model and add all users to all workstations as local users; then you refine their access by Share and by NTFS permissions. The refinements in security for the Netware server I am confident you already know.
Dough Knox has a usefull tool to help with this, as I mentioned a little time ago: thread779-685048
If my posts above seemed less than usefull, I was frankly trying to figure out your question. I apologize if it appeared condescending, I intended no such attitude.
Best wishes,
Bill Castner
"bcastner:
Boy, I've read some of your FAQ's and you sound real nice and willing to help, but I've seen some of your postings and you can be real condescending."
Tone and intention are difficult things to show in a post or e-mail. I have no reason to be, nor intend to be, condescending in these Forums. Until now, I thought I had done a fairly decent job of it.
In any case, my posts above were to remind you that you had three levels of security available:
. Share level Security. You can control by user who can and cannot access any share;
. NTFS permissions; in which you can richly combine what is allowed or denied on 14 permission principles to any user;
. Netware security, which on Netware volumes provides an even richer combination of #1 and #2 above.
If you are combining a Microsoft Workgroup Model with a Netware Server, and not using any form of Directory Services for either, you follow the Microsoft Workgroup model and add all users to all workstations as local users; then you refine their access by Share and by NTFS permissions. The refinements in security for the Netware server I am confident you already know.
Dough Knox has a usefull tool to help with this, as I mentioned a little time ago: thread779-685048
If my posts above seemed less than usefull, I was frankly trying to figure out your question. I apologize if it appeared condescending, I intended no such attitude.
Best wishes,
Bill Castner
- Status
