- Posts: 78
- Thank you received: 0
Windows 2003R2 users/groups
18 years 3 months ago #15576
by beexo
Windows 2003R2 users/groups was created by beexo
When I create a user inside an OU, it is automaticaly assigned various groups. One of them is the "Domain Users" group. What happens is that the users have no access to any folders, not even the home folder.
If I than add the group "users" from the built-in groups, all users have access to every one's folders and files.
My objective is to give all access to the user's home folder only, and not let him have access to any other folders (not ever see them).
Windows in too complicated. I am used to netware and some linux.
If I than add the group "users" from the built-in groups, all users have access to every one's folders and files.
My objective is to give all access to the user's home folder only, and not let him have access to any other folders (not ever see them).
Windows in too complicated. I am used to netware and some linux.
18 years 3 months ago #15594
by TheBishop
Basic approach is:
1) Set up your folder structure
2) Create suitable group for the purpose
3) Give the group the required permissions in the folder(s)
4) Add users into the group
For your scenario you could give Domain Users the rights to access folders everybody needs to use but explicitly deny that group access to the home directory folder tree. Then you can grant access in that tree for each individual users or by other groups for department perhaps
1) Set up your folder structure
2) Create suitable group for the purpose
3) Give the group the required permissions in the folder(s)
4) Add users into the group
For your scenario you could give Domain Users the rights to access folders everybody needs to use but explicitly deny that group access to the home directory folder tree. Then you can grant access in that tree for each individual users or by other groups for department perhaps
18 years 3 months ago #15650
by beexo
Replied by beexo on topic Re: Windows 2003R2 users/groups
Would it be correct or wise to delete some of the groups automaticaly assigned to the users (if you can, because if there are inheritances, windows will not let you delete), and then create a customized goup?
After studying mane books, I still don't know what is the best method to deny access to users other them the one(s) you want to.
After studying mane books, I still don't know what is the best method to deny access to users other them the one(s) you want to.
18 years 3 months ago #15766
by TheBishop
Replied by TheBishop on topic Re: Windows 2003R2 users/groups
Another rule of thumb is to only give users what they need - allowing access to other drives and folders will only encourage then to see what's there and perhaps use them as another filestore which then might not get backed up etc. If your needs are best served by your custom groups then use those in preference to the supplied ones. I wouldn't delete the supplied ones though; just remove the user(s) from membership and the group won't apply to them. I also would advise against customising the supplied groups, tempting as it may be. Sometimes it can save your bacon by having the defaults to go back to!
18 years 3 months ago #15793
by Rockape
Replied by Rockape on topic Re: Windows 2003R2 users/groups
Wise words indeed Bishop, and the voice of experience as well !!!
Time to create page: 0.129 seconds