Archived from groups: microsoft.public.win2000.security (
More info?)
I believe that is the default setting in that users can not write files to
the drive/root folder but can create folders and write files to those
folders. If you do not want users to be able to create folders in the root
folder then you did the right thing by changing the permission which could
be done with a deny or simply removing the unneeded permission [implicit
deny] which is most common method to do such. --- Steve
"Chris Hagon" <ChrisHagon@discussions.microsoft.com> wrote in message
news:F20397F2-B747-4451-8D18-055B4AE12BC8@microsoft.com...
> On checking Steven I noticed our rights were set as you mentioned,
> however,
> if I checked the security on the root and went to 'Advanced' then the
> 'Users'
> group had Allow rights to 'Create folders & append data' on this root.
>
> I have now Denied this and tested creating a folder with a user with
> standard privileges and this has worked. Would someone have enabled this
> by
> default and what are the possible ramifications of me denying this option?
>
> -------
> Tech Admin
> West Midlands, England
> Stressed and Tired!
> --------
>
>
> "Chris Hagon" wrote:
>
>> Thanks for your help Steven; I feel I should have known this, but we
>> learn by
>> asking I believe. I am beginning to put your advice into practise,
>> thanks
>> once again
>>
>> -------
>> Tech Admin
>> West Midlands, England
>> Stressed and Tired!
>> --------
>>
>>
>> "Steven L Umbach" wrote:
>>
>> > A user will not need write/modify/full control permissions to logon to
>> > a TS
>> > or other computer with the possible exception of their user profile if
>> > they
>> > are allowed to save and manage files there. So what I would do is to
>> > make
>> > sure that users have no more then read/list/execute permissions to any
>> > folder where you do not want them to store files to. Other then the
>> > system
>> > folders, root folder, user profiles, and folders that they need to
>> > write to
>> > or run applications from they need no permissions on other folders. The
>> > link
>> > below may help. --- Steve
>> >
>> >
http://support.microsoft.com/default.aspx?scid=kb;EN-US;308419
>> >
http://support.microsoft.com/?scid=327522
>> >
>> > WORKAROUND
>> > To work around this issue, reset the permissions for the root directory
>> > on
>> > the system drive. The default permissions for Windows XP can serve as a
>> > guide for a set of permissions that have been thoroughly designed and
>> > tested. The following are the default permissions for the root
>> > directory on
>> > the system drive for Windows XP: . Administrators: Full (This Folder,
>> > Subfolders, and Files)
>> > . Creators Owners: Full (Subfolders and Files)
>> > . System: Full (This Folder, Subfolders, and Files)
>> > . Everyone: Read and Execute (This Folder Only)
>> >
>> >
>> > "Chris Hagon" <ChrisHagon@discussions.microsoft.com> wrote in message
>> > news:A15D2BDF-11E0-4C37-9E38-9E4759E0B070@microsoft.com...
>> > > I've recently discovered one user saving files while in a Terminal
>> > > Server
>> > > session to the 'C:' drive - which is the server root. Obviously
>> > > users
>> > > have
>> > > files on other servers but should not be saving anything to our
>> > > Terminal
>> > > Server.
>> > >
>> > > I'm a little hazy on how the permissions should be set-up to allow
>> > > people
>> > > to
>> > > log in but not access the actual server HDD itself
>> > >
>> > > Any ideas? Thanks!
>> > >
>> > > -------
>> > > Tech Admin
>> > > West Midlands, England
>> > > Stressed and Tired!
>> > > --------
>> >
>> >
>> >