Back again with another brain buster, at least for me.
So to get right into it I decided to setup a small file share across my home network using an alternate account that can only access the shared folders and only has 3 folders available to it that it can add/delete items to/from. Simple enough.
My problem is that when I use the alternate account to login to my box remotely (RDP) I am able to make any changes to the computer I want including being able to change folder permissions, change the administrator login information, etc... as if that account has admin rights to the box. I have attempted to use the Parental controls to disable that account from being able to use any application at all but I can simply remote in with the alternate account and change them back, giving me full access to everything once again.
The alternate account is ONLY in the USERS group and I have been able to impliment a workaround for this by denying terminal services to the USERS group via secpol.msc but I am still able to use one of the other PC's in my home to edit folder permissions thus destroying the shared data if I so choose to.
What I would like to know is how can I create a user account that is only used to map to folders and not able to change any of the permissions?
I think I just confused myself so if you need more clarification please let me know what info you need....ANY help is appreciated, thank you!