Jump to content

Recommended Posts

Posted

Hi,

 

I have made a share (name: UserProfiles) for the roaming profiles for the users.

 

However, the users can access the share (if they type \\server\UserProfiles) and there they can make folders. Can you prevent that the users can access of make folders there?

 

Thanks!

Posted

Hi,

 

I have made a share (name: UserProfiles) for the roaming profiles for the users.

 

However, the users can access the share (if they type \\server\UserProfiles) and there they can make folders. Can you prevent that the users can access of make folders there?

 

Thanks!

 

Right click on UserProfile folder, under SECURITY select ADVANCED and then CHANGE PERMISSIONS.

 

Here you could delete every user BUT NOT Administrator and/or SYSTEM (if exists). Once you're finished click ADD.

 

I think your users are in a DOMAIN, if so type DOMAIN USERS, or if you prefer type the name of the group containing allowed users. Then click OK.

 

Now you should see a list of permission (starting with full control), here are my suggestions:

 

ALLOW: LIST FOLDER / read data

DENY: everything else

 

*** DO NOT CHECK >>> DENY > FULL CONTROL ***

 

Now for each subfolder you should assign a "full control" to the owner. But this is up to you :)

 

 

I hope this can help you :)

 

Let me know!

--------------------------------------------------------

Tu peux aussi crire en franais.

Du kannst auch auf Deutsch schreiben.

Puoi scrivere anche in italiano.

--------------------------------------------------------

Posted

The users are indeed in a domain. I tried your suggestion, but it didn't work, because if a new user logs on, he can't make a folder automatically. The UserProfiles folder is the profile path for the roaming profiles of the users. So the folder must have the permissions to make a folder if a users logs on for the first time.

 

Now i gave the domainusers the following rights: list folder/read data and create folders/append data (this folder only rights).

 

Everyrhing works fine that way, except that users can access the server by typing \\server. Then they can access the UserProfiles folder. The only thing they van do there is make folders (nothing else). Because it is a school, I want te prevent that.

 

I think it is not possible because the users must have create folders rights to make a folder on first logon...

 

Right click on UserProfile folder, under SECURITY select ADVANCED and then CHANGE PERMISSIONS.

 

Here you could delete every user BUT NOT Administrator and/or SYSTEM (if exists). Once you're finished click ADD.

 

I think your users are in a DOMAIN, if so type DOMAIN USERS, or if you prefer type the name of the group containing allowed users. Then click OK.

 

Now you should see a list of permission (starting with full control), here are my suggestions:

 

ALLOW: LIST FOLDER / read data

DENY: everything else

 

*** DO NOT CHECK >>> DENY > FULL CONTROL ***

 

Now for each subfolder you should assign a "full control" to the owner. But this is up to you :)

 

 

I hope this can help you :)

 

Let me know!

Posted

The users are indeed in a domain. I tried your suggestion, but it didn't work, because if a new user logs on, he can't make a folder automatically. The UserProfiles folder is the profile path for the roaming profiles of the users. So the folder must have the permissions to make a folder if a users logs on for the first time.

 

Now i gave the domainusers the following rights: list folder/read data and create folders/append data (this folder only rights).

 

Everyrhing works fine that way, except that users can access the server by typing \\server. Then they can access the UserProfiles folder. The only thing they van do there is make folders (nothing else). Because it is a school, I want te prevent that.

 

I think it is not possible because the users must have create folders rights to make a folder on first logon...

 

Well... this is not exactly true... you have two choices:

1) You can MANUALLY create each profile folder (bad idea...)

2) Map a network script that runs with admin right to create the folder

 

Where I work I did that :)

--------------------------------------------------------

Tu peux aussi crire en franais.

Du kannst auch auf Deutsch schreiben.

Puoi scrivere anche in italiano.

--------------------------------------------------------

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...