How to deny list/browse drive C:

[warik]

Dear all,

I would like to make user account which can not browse/list drive C: and it's directory, but that account still could execute or running a program from it. What Security access do I have to set?

I ever try for deny account to read drive C:, but that account can not run photoshop. What I need is to make that account still have access to run software (like photoshop) but can not browse the content of it's drive.

Is that necessary to do at XP?

Thank you in advance

 

[bcastner]

Convert the drive to NTFS as you gain a lot of granularity in the security settings for any folder and the drive itself.

It might be best to leave standard permissions on the Program Files folder and subfolder, and deny all permission just on the Folders you do not want the user to access.

You can set to disable a user being able to List Folder Contents, for example, or remove all Permissions from selected folders by username or Group.

 

[Teamaker]

Are you in a Windows 2000 domain?

If so you can acheive this through Group Policy

user settings - admin templates - windows components - windows explorer

there is a setting in there to hide drives we use it with no probs.

!!A good cup of Tetley keeps the madness at bay!!

 

[dwilko]

I am thinkin bout doin this but I want to stop users from lookin in some folders on the D:\ so that they hav their own space were they can keep things that the other users cant see.
But My D:\ is FAT32

can any one help

________________________________________
I help Where I can

 

[warik]

bcastner, I use NTFS, but if I disable for list folder, it also disable to execute the program inside it. How to make even disable for list folder but still execute the program at that folder.

Teammaker, I user Windows XP Prof, and I create at it's own security setting. My computer is not connected with DC (single computer)

dwilko, i think you have to change the partition to NTFS for security enable.

thank you in advance

 

[bcastner]

1. You could "Hide" the entire drive(s). They could still execute commands but Explorer and My Computer will not browse them. Micorosft's Tweak UI can do this, as can using gpedit.msc on XP Pro as explained above by Teamaker. You can do this on a user-by-user basis by logging on as the user and making a direct registry edit to HKCU:

http://www.winguides.com/registry/display.php/148

2. You can "Hide" the drive from being viewed, but not Hide the drive.

This is similar to "Hide Drives" but more restrictive:

http://www.winguides.com/registry/display.php/1157/

Note that neither of these measures requires NTFS.

 

[dwilko]

I dont Really want to change to ntfs in case someting goes worng and lose all my data

so what your sayin is that to do hide drives/folders i will need to change fat32 to ntfs

________________________________________
I help Where I can

 

[Teamaker]

To secure your drives they do need to be NTFS backup important data then use the convert utility it rarely goes wrong.

!!A good cup of Tetley keeps the madness at bay!!

 

[bcastner]

What I said was that the "Hide" drives is not dependent on NTFS. It would work for either NTFS or for Fat32 volumes. There is not an NTFS permission that would prevent browsing but allow program execution. You need to do this through Group Policy or through the registry as I detailed earlier.

You do not have to convert your drivestore.

 

[dwilko]

I will Give This a try and let you know if works or not

________________________________________
I help Where I can