Enable Security Tab by Group policy (xp Pro)

[Chris Bunting]

I wanted to disable the file security tab for some users on a xp pro / 2003
domain and followed the instructions on support.microsoft.com (Q303153).
This has worked but is it possible to apply a group policy to reverse this?

Many thanks in advance

 

[Colin Nash [MVP]]

I wanted to disable the file security tab for some users on a xp pro / 2003
domain and followed the instructions on support.microsoft.com (Q303153).
This has worked but is it possible to apply a group policy to reverse this?

Many thanks in advance

In step 10 of that article (http://support.microsoft.com/?id=303153), it
says:

"Change the permission on this key for the users and/or groups that you
added in the previous step to "Deny Read." This prevents the user from being
able to instantiate the needed components to display the Security and
Sharing tabs. Click OK twice to complete the settings and exit the Group
Policy Editor."

So if you remove the ACL entry you made that Denies Read to list of users or
groups, it should revert back to the default settings. Unless you also went
and removed or modified the entries that were there before, in addition to
adding this one. Anyway, you should be able to make this registry change
through a group policy (and of course, remove or disable the first one.)

Although I'd say a better way of preventing users from changing permissions
is to NOT give them Full Control over the folders in question, and consider
removing the Full Control granted to "CREATOR OWNER" in some areas of the
filesystem (otherwise users can set permissions on files they create.) The
steps in that KB article will only limit the graphical interface for the
security tab, but there are other tools someone might use to set
permissions.

 

[Chris Bunting]

Many thanks!

In step 10 of that article (http://support.microsoft.com/?id=303153), it
says:

"Change the permission on this key for the users and/or groups that you
added in the previous step to "Deny Read." This prevents the user from
being able to instantiate the needed components to display the Security
and Sharing tabs. Click OK twice to complete the settings and exit the
Group Policy Editor."

So if you remove the ACL entry you made that Denies Read to list of users
or groups, it should revert back to the default settings. Unless you also
went and removed or modified the entries that were there before, in
addition to adding this one. Anyway, you should be able to make this
registry change through a group policy (and of course, remove or disable
the first one.)

Although I'd say a better way of preventing users from changing
permissions is to NOT give them Full Control over the folders in question,
and consider removing the Full Control granted to "CREATOR OWNER" in some
areas of the filesystem (otherwise users can set permissions on files they
create.) The steps in that KB article will only limit the graphical
interface for the security tab, but there are other tools someone might
use to set permissions.