Archived from groups: microsoft.public.windowsxp.security_admin (
More info?)
Many thanks!
"Colin Nash [MVP]" <cnash x@x mvps.org> wrote in message
news:uDtiweWDFHA.960@TK2MSFTNGP09.phx.gbl...
>
> "Chris Bunting" <chris@cjsb.demon.co.uk> wrote in message
> news:cu8qm0$k00$1$8302bc10@news.demon.co.uk...
>>I wanted to disable the file security tab for some users on a xp pro /
>>2003 domain and followed the instructions on support.microsoft.com
>>(Q303153). This has worked but is it possible to apply a group policy to
>>reverse this?
>>
>> Many thanks in advance
>>
>
> In step 10 of that article (http://support.microsoft.com/?id=303153), it
> says:
>
> "Change the permission on this key for the users and/or groups that you
> added in the previous step to "Deny Read." This prevents the user from
> being able to instantiate the needed components to display the Security
> and Sharing tabs. Click OK twice to complete the settings and exit the
> Group Policy Editor."
>
> So if you remove the ACL entry you made that Denies Read to list of users
> or groups, it should revert back to the default settings. Unless you also
> went and removed or modified the entries that were there before, in
> addition to adding this one. Anyway, you should be able to make this
> registry change through a group policy (and of course, remove or disable
> the first one.)
>
> Although I'd say a better way of preventing users from changing
> permissions is to NOT give them Full Control over the folders in question,
> and consider removing the Full Control granted to "CREATOR OWNER" in some
> areas of the filesystem (otherwise users can set permissions on files they
> create.) The steps in that KB article will only limit the graphical
> interface for the security tab, but there are other tools someone might
> use to set permissions.
>
>
> --
> Colin Nash
> Microsoft MVP
> Windows Shell/User
>