driezzz Posted February 14, 2011 Posted February 14, 2011 Hi, I have made a share (name: UserProfiles) for the roaming profiles for the users. However, the users can access the share (if they type \\server\UserProfiles) and there they can make folders. Can you prevent that the users can access of make folders there? Thanks! Quote
ICTCity Posted February 14, 2011 Posted February 14, 2011 Hi, I have made a share (name: UserProfiles) for the roaming profiles for the users. However, the users can access the share (if they type \\server\UserProfiles) and there they can make folders. Can you prevent that the users can access of make folders there? Thanks! Right click on UserProfile folder, under SECURITY select ADVANCED and then CHANGE PERMISSIONS. Here you could delete every user BUT NOT Administrator and/or SYSTEM (if exists). Once you're finished click ADD. I think your users are in a DOMAIN, if so type DOMAIN USERS, or if you prefer type the name of the group containing allowed users. Then click OK. Now you should see a list of permission (starting with full control), here are my suggestions: ALLOW: LIST FOLDER / read data DENY: everything else *** DO NOT CHECK >>> DENY > FULL CONTROL *** Now for each subfolder you should assign a "full control" to the owner. But this is up to you :) I hope this can help you :) Let me know! Quote -------------------------------------------------------- Tu peux aussi crire en franais. Du kannst auch auf Deutsch schreiben. Puoi scrivere anche in italiano. --------------------------------------------------------
driezzz Posted February 15, 2011 Author Posted February 15, 2011 The users are indeed in a domain. I tried your suggestion, but it didn't work, because if a new user logs on, he can't make a folder automatically. The UserProfiles folder is the profile path for the roaming profiles of the users. So the folder must have the permissions to make a folder if a users logs on for the first time. Now i gave the domainusers the following rights: list folder/read data and create folders/append data (this folder only rights). Everyrhing works fine that way, except that users can access the server by typing \\server. Then they can access the UserProfiles folder. The only thing they van do there is make folders (nothing else). Because it is a school, I want te prevent that. I think it is not possible because the users must have create folders rights to make a folder on first logon... Right click on UserProfile folder, under SECURITY select ADVANCED and then CHANGE PERMISSIONS. Here you could delete every user BUT NOT Administrator and/or SYSTEM (if exists). Once you're finished click ADD. I think your users are in a DOMAIN, if so type DOMAIN USERS, or if you prefer type the name of the group containing allowed users. Then click OK. Now you should see a list of permission (starting with full control), here are my suggestions: ALLOW: LIST FOLDER / read data DENY: everything else *** DO NOT CHECK >>> DENY > FULL CONTROL *** Now for each subfolder you should assign a "full control" to the owner. But this is up to you :) I hope this can help you :) Let me know! Quote
ICTCity Posted February 15, 2011 Posted February 15, 2011 The users are indeed in a domain. I tried your suggestion, but it didn't work, because if a new user logs on, he can't make a folder automatically. The UserProfiles folder is the profile path for the roaming profiles of the users. So the folder must have the permissions to make a folder if a users logs on for the first time. Now i gave the domainusers the following rights: list folder/read data and create folders/append data (this folder only rights). Everyrhing works fine that way, except that users can access the server by typing \\server. Then they can access the UserProfiles folder. The only thing they van do there is make folders (nothing else). Because it is a school, I want te prevent that. I think it is not possible because the users must have create folders rights to make a folder on first logon... Well... this is not exactly true... you have two choices: 1) You can MANUALLY create each profile folder (bad idea...) 2) Map a network script that runs with admin right to create the folder Where I work I did that :) Quote -------------------------------------------------------- Tu peux aussi crire en franais. Du kannst auch auf Deutsch schreiben. Puoi scrivere anche in italiano. --------------------------------------------------------
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.