Group permissions

/usr/usr Member Posts: 1,768 ■■■□□□□□□□
How do you set/modify permissions in a group? Unless I completely skipped over a few pages, this Sybex books leaves it out. It tells how to create/delete, and add users to groups, but not how to actually set the permissions on the groups.

Comments

  • Orion82698Orion82698 Member Posts: 483
    Well, once you have created the group and added the correct users to that group, you would then under the folder you wish to share out and give access to, right click>select properties. Select security>add>browse your domain (or workgroup) and select the group. You would then select the permissions you wish the group to have. Remember, when mixing NTFS and Share permissions, the most restrictive is the one that will take.

    i.e

    Share permissions are read only

    NTFS permissions for a group are set to Modify

    The group would have Read only.

    The default for Share permissions is set to the Everyone group and Full controll. This way, by default, NTFS permissions are what takes.

    Cool?

    C
    WIP Vacation ;-)

    Porsche..... there is no substitute!
  • /usr/usr Member Posts: 1,768 ■■■□□□□□□□
    Thanks for the reply, but what about disabling certain items for a group, such as the Run command.
  • Orion82698Orion82698 Member Posts: 483
    Well, it then depends on if you are a domain or workgroup based. If you were a domain, you would do this through a GPO (group policy). You would create the user account, create a group, add the user to the group, create and OU (organizational unit) and add the group to the OU. Then on the OU, create a group policy. It goes really in depth from here. If you are studying 70-210, don't focus too much on GPO's. Leave that for 70-215. It will explain it all then.
    WIP Vacation ;-)

    Porsche..... there is no substitute!
  • /usr/usr Member Posts: 1,768 ■■■□□□□□□□
    I'm studying 70-270 and just want to know how to apply this locally. Would I just use an LGPO if I was doing it in a Workgroup then?

    I just picked that example at random. I see a bunch of things to set in the Local Policy snap-in and wondered where the rest of the items were. A lot of times accessing Run on a public machine is prohibited. Just wondered where the setting was.
  • Orion82698Orion82698 Member Posts: 483
    Check out this link. It has a document that will explain it all. The best thing I can tell you, is to get two cheap machines, get yourself a eval copy of 2000/2003 and test things out. That is how I learned. Good luck to you!

    http://www.microsoft.com/windows2000/techinfo/howitworks/management/grouppolwp.asp
    WIP Vacation ;-)

    Porsche..... there is no substitute!
  • Orion82698Orion82698 Member Posts: 483
    No problem

    For a LGPO, open a MMC and select User configuration. Drill down through Administrative templates>start menu and task bar. In there you will find "remove run menu from start menu". It's the same for a domain GPO as well. It also doesn't matter from XP/2000 or 2000/2003 server. 2003 just has some more advantages, from what I see.



    C
    WIP Vacation ;-)

    Porsche..... there is no substitute!
  • garv221garv221 Member Posts: 1,914
    I have set computers up with local security for public computers labs. I just use gpedit.msc & prevent access to the group policy folder in system32 who you DO NOT want the policy to apply too, for eveyone else- the policy you create applys- just like AD. Then change around settings in gpedit.msc like "prevent access to C:\" stuff like that. Works great with Ghost.
  • lazyartlazyart Member Posts: 483
    garv221 wrote:
    & prevent access to the group policy folder in system32 who you DO NOT want the policy to apply to

    How clever.
    I'm not a complete idiot... some parts are missing.
Sign In or Register to comment.