A user that only has access to shared network folders

  • Thread starter Thread starter billypurdue
  • Start date Start date
B

billypurdue

I am wanting to create a user for my XP Professional machine that will
only be able to select network folders. By this I mean that I am able
to setup users, yes, but each of those users is able to sit down at my
machine and login. I want a user that ONLY is able to see/edit things
in a network share folder, and NOTHING ELSE. Can anyone help me?
 
Hi,
I am wanting to create a user for my XP Professional machine that will
only be able to select network folders. By this I mean that I am able
to setup users, yes, but each of those users is able to sit down at my
machine and login. I want a user that ONLY is able to see/edit things
in a network share folder, and NOTHING ELSE. Can anyone help me?
Click to expand...

1. Create user;

2. Start -> Run, type "secpol.msc" and run it.

3. Expand "Local Policies", "User Rights Assignment" in the tree; find "Deny
logon locally" in the list, double click that and add your user.
 
3. Expand "Local Policies", "User Rights Assignment" in the tree; find "Deny
logon locally" in the list, double click that and add your user.
Click to expand...

If you do that, the user won't be able to log on. :-(

However, if the user is a standard (non-Admin one) and you are using NTFS
with the standard permissions set, then the user shouldn't be able to write
to disk outside of their own profile-folder under "Documents and Settings."
It's then just a matter of restricting folders like "my documents" to
readonly. If you don't want ANY changes made by the user to survive a
reboot, then enforcing a Mandatory Profile on the user would achieve that.
 
He won't be able to sit down and log on at the keyboard / screen of that
machine, correct.
But he WILL be able to connect to shared folders on that machine across the
network if they have been shared with the correct permissions for him.

This is a fairly standard configuration, and for example is often used on
servers:
Domain users are denied 'local logon' privilidges on the servers, only
domain admins can sit down at the server console and log in. Domain users
can, of course, connect to shares held on the server.

That was my understanding of the OP's request.
 
Back
Top