Sign in with
Sign up | Sign in
Your question

Enable Security Tab by Group policy (xp Pro)

Last response: in Windows XP
Share
Anonymous
a b 8 Security
February 8, 2005 1:43:45 AM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

I wanted to disable the file security tab for some users on a xp pro / 2003
domain and followed the instructions on support.microsoft.com (Q303153).
This has worked but is it possible to apply a group policy to reverse this?

Many thanks in advance
Anonymous
a b 8 Security
February 8, 2005 1:43:46 AM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

"Chris Bunting" <chris@cjsb.demon.co.uk> wrote in message
news:cu8qm0$k00$1$8302bc10@news.demon.co.uk...
>I wanted to disable the file security tab for some users on a xp pro / 2003
>domain and followed the instructions on support.microsoft.com (Q303153).
>This has worked but is it possible to apply a group policy to reverse this?
>
> Many thanks in advance
>

In step 10 of that article (http://support.microsoft.com/?id=303153), it
says:

"Change the permission on this key for the users and/or groups that you
added in the previous step to "Deny Read." This prevents the user from being
able to instantiate the needed components to display the Security and
Sharing tabs. Click OK twice to complete the settings and exit the Group
Policy Editor."

So if you remove the ACL entry you made that Denies Read to list of users or
groups, it should revert back to the default settings. Unless you also went
and removed or modified the entries that were there before, in addition to
adding this one. Anyway, you should be able to make this registry change
through a group policy (and of course, remove or disable the first one.)

Although I'd say a better way of preventing users from changing permissions
is to NOT give them Full Control over the folders in question, and consider
removing the Full Control granted to "CREATOR OWNER" in some areas of the
filesystem (otherwise users can set permissions on files they create.) The
steps in that KB article will only limit the graphical interface for the
security tab, but there are other tools someone might use to set
permissions.


--
Colin Nash
Microsoft MVP
Windows Shell/User
Anonymous
a b 8 Security
February 13, 2005 1:26:56 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Many thanks!

"Colin Nash [MVP]" <cnash x@x mvps.org> wrote in message
news:uDtiweWDFHA.960@TK2MSFTNGP09.phx.gbl...
>
> "Chris Bunting" <chris@cjsb.demon.co.uk> wrote in message
> news:cu8qm0$k00$1$8302bc10@news.demon.co.uk...
>>I wanted to disable the file security tab for some users on a xp pro /
>>2003 domain and followed the instructions on support.microsoft.com
>>(Q303153). This has worked but is it possible to apply a group policy to
>>reverse this?
>>
>> Many thanks in advance
>>
>
> In step 10 of that article (http://support.microsoft.com/?id=303153), it
> says:
>
> "Change the permission on this key for the users and/or groups that you
> added in the previous step to "Deny Read." This prevents the user from
> being able to instantiate the needed components to display the Security
> and Sharing tabs. Click OK twice to complete the settings and exit the
> Group Policy Editor."
>
> So if you remove the ACL entry you made that Denies Read to list of users
> or groups, it should revert back to the default settings. Unless you also
> went and removed or modified the entries that were there before, in
> addition to adding this one. Anyway, you should be able to make this
> registry change through a group policy (and of course, remove or disable
> the first one.)
>
> Although I'd say a better way of preventing users from changing
> permissions is to NOT give them Full Control over the folders in question,
> and consider removing the Full Control granted to "CREATOR OWNER" in some
> areas of the filesystem (otherwise users can set permissions on files they
> create.) The steps in that KB article will only limit the graphical
> interface for the security tab, but there are other tools someone might
> use to set permissions.
>
>
> --
> Colin Nash
> Microsoft MVP
> Windows Shell/User
>
!