Hot Downloads

Welcome, Guest
Username: Password: Remember me

TOPIC: Windows 2003R2 users/groups

Windows 2003R2 users/groups 10 years 5 months ago #15576

  • beexo
  • beexo's Avatar
  • Offline
  • Frequent Member
  • Posts: 78
  • Karma: 0
When I create a user inside an OU, it is automaticaly assigned various groups. One of them is the "Domain Users" group. What happens is that the users have no access to any folders, not even the home folder.

If I than add the group "users" from the built-in groups, all users have access to every one's folders and files.

My objective is to give all access to the user's home folder only, and not let him have access to any other folders (not ever see them).

Windows in too complicated. I am used to netware and some linux.
The administrator has disabled public write access.

Groups 10 years 5 months ago #15594

  • TheBishop
  • TheBishop's Avatar
  • Offline
  • Moderator
  • Posts: 1719
  • Thank you received: 8
  • Karma: 5
Basic approach is:
1) Set up your folder structure
2) Create suitable group for the purpose
3) Give the group the required permissions in the folder(s)
4) Add users into the group
For your scenario you could give Domain Users the rights to access folders everybody needs to use but explicitly deny that group access to the home directory folder tree. Then you can grant access in that tree for each individual users or by other groups for department perhaps
The administrator has disabled public write access.

Re: Windows 2003R2 users/groups 10 years 4 months ago #15650

  • beexo
  • beexo's Avatar
  • Offline
  • Frequent Member
  • Posts: 78
  • Karma: 0
Would it be correct or wise to delete some of the groups automaticaly assigned to the users (if you can, because if there are inheritances, windows will not let you delete), and then create a customized goup?

After studying mane books, I still don't know what is the best method to deny access to users other them the one(s) you want to.
The administrator has disabled public write access.

Re: Windows 2003R2 users/groups 10 years 4 months ago #15766

  • TheBishop
  • TheBishop's Avatar
  • Offline
  • Moderator
  • Posts: 1719
  • Thank you received: 8
  • Karma: 5
Another rule of thumb is to only give users what they need - allowing access to other drives and folders will only encourage then to see what's there and perhaps use them as another filestore which then might not get backed up etc. If your needs are best served by your custom groups then use those in preference to the supplied ones. I wouldn't delete the supplied ones though; just remove the user(s) from membership and the group won't apply to them. I also would advise against customising the supplied groups, tempting as it may be. Sometimes it can save your bacon by having the defaults to go back to!
The administrator has disabled public write access.

Re: Windows 2003R2 users/groups 10 years 4 months ago #15793

  • Rockape
  • Rockape's Avatar
  • Offline
  • Moderator
  • Posts: 330
  • Karma: 0
Wise words indeed Bishop, and the voice of experience as well !!!
The administrator has disabled public write access.

Re: Windows 2003R2 users/groups 10 years 3 months ago #16745

  • beexo
  • beexo's Avatar
  • Offline
  • Frequent Member
  • Posts: 78
  • Karma: 0
just to say Thankyou.
The administrator has disabled public write access.
Time to create page: 0.078 seconds

CCENT/CCNA

Cisco Routers

  • SSL WebVPN
  • Securing Routers
  • Policy Based Routing
  • Router on-a-Stick

VPN Security

  • Understand DMVPN
  • GRE/IPSec Configuration
  • Site-to-Site IPSec VPN
  • IPSec Modes

Cisco Help

  • VPN Client Windows 8
  • VPN Client Windows 7
  • CCP Display Problem
  • Cisco Support App.

Windows 2012

  • New Features
  • Licensing
  • Hyper-V / VDI
  • Install Hyper-V

Linux

  • File Permissions
  • Webmin
  • Groups - Users
  • Samba Setup