Limit permissions to Desktop/My Documents

Guest

I am wanting to limit access to the Desktop and My Documents folder for each user who logs into a Windows 2000 Pro computer. Is there a way I can do this? I have a domain security group called MS Students and have already limited this group to the C:\ but that does not apply to the desktop and My Documents. Any help would be greatly appreciated.

Thanks,
Chris
 
Nimit Mehta

It's very simple.
Go to the directories of respective users and set
permissions as you want.
Location: c:\documents and settings\user\desktop
Location: c:\documents and settings\user\my documents.
-Nimit
-----Original Message-----
I am wanting to limit access to the Desktop and My
Documents folder for each user who logs into a Windows
2000 Pro computer. Is there a way I can do this? I have a
domain security group called MS Students and have already
limited this group to the C:\ but that does not apply to
the desktop and My Documents. Any help would be greatly
appreciated.
 
Nimit Mehta

Use security in ALL users instead of individual users.
-Nimit
-----Original Message-----
What if I don't know the username? I have more than one
student logging onto a machine. I want this done before
they login as well.
 
Steven L Umbach

You could try a logon script that can be distributed through Group Policy. For
instance you could try a logon script using xcacls such as:

[ xcacls %systemdrive%\docume~1\%username%\desktop /p %username%:r administrators:f /y ].

That would give the user read/list/execute permissions and the administrators group
full permissions to the user's desktop folder. You could do the same for the my
documents folder using "mydocu~1" as the name of the folder. Dir /x will show short
file names for using in a command.

Xcacls may not be on their computers, but is available in the free support tools on
the install disk tools/support folder where you have to run the setup program there.
You can use xcacls /? to get the help screen for xcacls and you could copy it to the
other computers from a network share [copy \\server\share\xcacls.exe
c:\winnt\system32] as a startup script to their \winnt\system32 folder. See the link
below for more details on startup and logon scripts. Startup scripts have the
advantage of running in system context to do things a limited user could not but in
this particular case you would need to use a logon script because of the user
variable being used. --- Steve

http://support.microsoft.com/default.aspx?scid=kb;en-us;198642

Chris said:
What if I don't know the username? I have more than one student logging onto a
machine. I want this done before they login as well.
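
As an added example (not part of the original posts), the logon script described in the reply above could be written as one batch file covering both folders. It assumes xcacls.exe is already on the PATH and that usernames contain no spaces; it uses %USERPROFILE% instead of the short-name path so the profile folder name does not have to match the username, and the label name :restrict is made up for illustration.

```batch
@echo off
rem Added example logon script; not from the original thread.
rem Assumption: xcacls.exe (Support Tools) is already on the PATH,
rem for example copied to the system32 folder by a startup script.
rem Assumption: usernames contain no spaces.
setlocal

rem %USERPROFILE% points at the logged-on user's profile folder, so no
rem short (8.3) names are needed and the folder name need not equal %USERNAME%.
call :restrict "%USERPROFILE%\Desktop"
call :restrict "%USERPROFILE%\My Documents"

endlocal
goto :eof

:restrict
rem Hypothetical helper label: apply the thread's permissions to one folder.
rem %1 arrives already quoted, so paths with spaces are handled.
if not exist %1 goto :eof
rem /p sets the user to Read and Administrators to Full Control;
rem /y skips the confirmation prompt so the script runs unattended.
xcacls %1 /p %USERNAME%:r administrators:f /y
goto :eof
```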
 
