Hello,

We have been evaluating a secure telnet program for one of our servers. We
have run into a problem however that I have been unable to solve. The goal
is to allow one of our users access to edit some web files without having to
FTP them down, then back up. From a command line he can run edit and make
quick changes easily. However, I need to restrict this user to only the web
directories. I have done with with NTFS permissions, and the user's home
directory is set to the appropriate directory. The user can connect to the
secure telnet server, login, and is placed in his home directory, and can
then do anything needed except use the "dir" command. When attempting to
use the dir command you receive a message "Access is Denied."

Here are the details of the installation: it is a Windows 2000 Advanced
Server machine that is a DC. This is identical to what will be my
production environment.



The user that I am testing with, "Test", is a member of only one user group,
"Test Group." The user has been assigned the home directory of d:\Test.
The Test Group has the following User Rights Assignments under the Local
Security Settings:



Bypass Traverse Checking

Log On Locally



It also gains Access This Computer From The Network via the Everyone
listing.



The Drive where the home directory is located, D:\, has the following
permissions:



Domain Admins: Full Control

Domain Users: Full Control



The home directory of the user, d:\Test, does not inherit permissions from
parent, and has the following permissions:



Domain Admins: Full Control

Domain Users: Full Control

Test Group: Full Control



The ability to login and not go anywhere else works perfectly. The test
user cannot get out of that directory, and can maneuver through the sub
directories, and edit files, just fine. The test user just can't run the
"dir" command. This makes the access very cumbersome to use.



It seems to me that it is related to the security structure within windows,
since the dir command is not part of the telnet app, but part of the command
prompt on windows. If anyone has any ideas I'd appreciate it.



Thanks,

Derek Grimme

IT Manager

DoxEMR

Check the directory permissions and make sure the user has
full permissions. (Read/Write, Modify, Delete, List Folder
Contents)

>-----Original Message-----
>Hello,
>
>We have been evaluating a secure telnet program for one
of our servers. We
>have run into a problem however that I have been unable
to solve. The goal
>is to allow one of our users access to edit some web
files without having to
>FTP them down, then back up. From a command line he can
run edit and make
>quick changes easily. However, I need to restrict this
user to only the web
>directories. I have done with with NTFS permissions, and
the user's home
>directory is set to the appropriate directory. The user
can connect to the
>secure telnet server, login, and is placed in his home
directory, and can
>then do anything needed except use the "dir" command.
When attempting to
>use the dir command you receive a message "Access is
Denied."
>
>Here are the details of the installation: it is a Windows
2000 Advanced
>Server machine that is a DC. This is identical to what
will be my
>production environment.
>
>
>
>The user that I am testing with, "Test", is a member of
only one user group,
>"Test Group." The user has been assigned the home
directory of d:\Test.
>The Test Group has the following User Rights Assignments
under the Local
>Security Settings:
>
>
>
>Bypass Traverse Checking
>
>Log On Locally
>
>
>
>It also gains Access This Computer From The Network via
the Everyone
>listing.
>
>
>
>The Drive where the home directory is located, D:\, has
the following
>permissions:
>
>
>
>Domain Admins: Full Control
>
>Domain Users: Full Control
>
>
>
>The home directory of the user, d:\Test, does not inherit
permissions from
>parent, and has the following permissions:
>
>
>
>Domain Admins: Full Control
>
>Domain Users: Full Control
>
>Test Group: Full Control
>
>
>
>The ability to login and not go anywhere else works
perfectly. The test
>user cannot get out of that directory, and can maneuver
through the sub
>directories, and edit files, just fine. The test user
just can't run the
>"dir" command. This makes the access very cumbersome to
use.
>
>
>
>It seems to me that it is related to the security
structure within windows,
>since the dir command is not part of the telnet app, but
part of the command
>prompt on windows. If anyone has any ideas I'd
appreciate it.
>
>
>
>Thanks,
>
>Derek Grimme
>
>IT Manager
>
>DoxEMR
>
>
>
>.
>

Yep, got all that. The Test Group has full control, and all sub items
allowed.

Derek


"Brian" <(E-Mail Removed)> wrote in message
news:053601c3b91f$bcb26b00$(E-Mail Removed)...
> Check the directory permissions and make sure the user has
> full permissions. (Read/Write, Modify, Delete, List Folder
> Contents)
>
> >-----Original Message-----
> >Hello,
> >
> >We have been evaluating a secure telnet program for one
> of our servers. We
> >have run into a problem however that I have been unable
> to solve. The goal
> >is to allow one of our users access to edit some web
> files without having to
> >FTP them down, then back up. From a command line he can
> run edit and make
> >quick changes easily. However, I need to restrict this
> user to only the web
> >directories. I have done with with NTFS permissions, and
> the user's home
> >directory is set to the appropriate directory. The user
> can connect to the
> >secure telnet server, login, and is placed in his home
> directory, and can
> >then do anything needed except use the "dir" command.
> When attempting to
> >use the dir command you receive a message "Access is
> Denied."
> >
> >Here are the details of the installation: it is a Windows
> 2000 Advanced
> >Server machine that is a DC. This is identical to what
> will be my
> >production environment.
> >
> >
> >
> >The user that I am testing with, "Test", is a member of
> only one user group,
> >"Test Group." The user has been assigned the home
> directory of d:\Test.
> >The Test Group has the following User Rights Assignments
> under the Local
> >Security Settings:
> >
> >
> >
> >Bypass Traverse Checking
> >
> >Log On Locally
> >
> >
> >
> >It also gains Access This Computer From The Network via
> the Everyone
> >listing.
> >
> >
> >
> >The Drive where the home directory is located, D:\, has
> the following
> >permissions:
> >
> >
> >
> >Domain Admins: Full Control
> >
> >Domain Users: Full Control
> >
> >
> >
> >The home directory of the user, d:\Test, does not inherit
> permissions from
> >parent, and has the following permissions:
> >
> >
> >
> >Domain Admins: Full Control
> >
> >Domain Users: Full Control
> >
> >Test Group: Full Control
> >
> >
> >
> >The ability to login and not go anywhere else works
> perfectly. The test
> >user cannot get out of that directory, and can maneuver
> through the sub
> >directories, and edit files, just fine. The test user
> just can't run the
> >"dir" command. This makes the access very cumbersome to
> use.
> >
> >
> >
> >It seems to me that it is related to the security
> structure within windows,
> >since the dir command is not part of the telnet app, but
> part of the command
> >prompt on windows. If anyone has any ideas I'd
> appreciate it.
> >
> >
> >
> >Thanks,
> >
> >Derek Grimme
> >
> >IT Manager
> >
> >DoxEMR
> >
> >
> >
> >.
> >