Options
Group permissions
/usr
Member Posts: 1,768
How do you set/modify permissions in a group? Unless I completely skipped over a few pages, this Sybex books leaves it out. It tells how to create/delete, and add users to groups, but not how to actually set the permissions on the groups.
Comments
-
Options
Orion82698
Member Posts: 483
Well, once you have created the group and added the correct users to that group, you would then under the folder you wish to share out and give access to, right click>select properties. Select security>add>browse your domain (or workgroup) and select the group. You would then select the permissions you wish the group to have. Remember, when mixing NTFS and Share permissions, the most restrictive is the one that will take.
i.e
Share permissions are read only
NTFS permissions for a group are set to Modify
The group would have Read only.
The default for Share permissions is set to the Everyone group and Full controll. This way, by default, NTFS permissions are what takes.
Cool?
CWIP Vacation ;-)
Porsche..... there is no substitute! -
Options/usr
Member Posts: 1,768
Thanks for the reply, but what about disabling certain items for a group, such as the Run command.
-
OptionsOrion82698
Member Posts: 483
Well, it then depends on if you are a domain or workgroup based. If you were a domain, you would do this through a GPO (group policy). You would create the user account, create a group, add the user to the group, create and OU (organizational unit) and add the group to the OU. Then on the OU, create a group policy. It goes really in depth from here. If you are studying 70-210, don't focus too much on GPO's. Leave that for 70-215. It will explain it all then.WIP Vacation ;-)
Porsche..... there is no substitute! -
Options/usr
Member Posts: 1,768
I'm studying 70-270 and just want to know how to apply this locally. Would I just use an LGPO if I was doing it in a Workgroup then?
I just picked that example at random. I see a bunch of things to set in the Local Policy snap-in and wondered where the rest of the items were. A lot of times accessing Run on a public machine is prohibited. Just wondered where the setting was. -
OptionsOrion82698
Member Posts: 483
Check out this link. It has a document that will explain it all. The best thing I can tell you, is to get two cheap machines, get yourself a eval copy of 2000/2003 and test things out. That is how I learned. Good luck to you!
http://www.microsoft.com/windows2000/techinfo/howitworks/management/grouppolwp.aspWIP Vacation ;-)
Porsche..... there is no substitute! -
OptionsOrion82698
Member Posts: 483
No problem
For a LGPO, open a MMC and select User configuration. Drill down through Administrative templates>start menu and task bar. In there you will find "remove run menu from start menu". It's the same for a domain GPO as well. It also doesn't matter from XP/2000 or 2000/2003 server. 2003 just has some more advantages, from what I see.
CWIP Vacation ;-)
Porsche..... there is no substitute! -
Options
garv221
Member Posts: 1,914
I have set computers up with local security for public computers labs. I just use gpedit.msc & prevent access to the group policy folder in system32 who you DO NOT want the policy to apply too, for eveyone else- the policy you create applys- just like AD. Then change around settings in gpedit.msc like "prevent access to C:\" stuff like that. Works great with Ghost.
