D
Derek
Hello,
We have been evaluating a secure telnet program for one of our servers. We
have run into a problem however that I have been unable to solve. The goal
is to allow one of our users access to edit some web files without having to
FTP them down, then back up. From a command line he can run edit and make
quick changes easily. However, I need to restrict this user to only the web
directories. I have done with with NTFS permissions, and the user's home
directory is set to the appropriate directory. The user can connect to the
secure telnet server, login, and is placed in his home directory, and can
then do anything needed except use the "dir" command. When attempting to
use the dir command you receive a message "Access is Denied."
Here are the details of the installation: it is a Windows 2000 Advanced
Server machine that is a DC. This is identical to what will be my
production environment.
The user that I am testing with, "Test", is a member of only one user group,
"Test Group." The user has been assigned the home directory of d:\Test.
The Test Group has the following User Rights Assignments under the Local
Security Settings:
Bypass Traverse Checking
Log On Locally
It also gains Access This Computer From The Network via the Everyone
listing.
The Drive where the home directory is located, D:\, has the following
permissions:
Domain Admins: Full Control
Domain Users: Full Control
The home directory of the user, d:\Test, does not inherit permissions from
parent, and has the following permissions:
Domain Admins: Full Control
Domain Users: Full Control
Test Group: Full Control
The ability to login and not go anywhere else works perfectly. The test
user cannot get out of that directory, and can maneuver through the sub
directories, and edit files, just fine. The test user just can't run the
"dir" command. This makes the access very cumbersome to use.
It seems to me that it is related to the security structure within windows,
since the dir command is not part of the telnet app, but part of the command
prompt on windows. If anyone has any ideas I'd appreciate it.
Thanks,
Derek Grimme
IT Manager
DoxEMR
We have been evaluating a secure telnet program for one of our servers. We
have run into a problem however that I have been unable to solve. The goal
is to allow one of our users access to edit some web files without having to
FTP them down, then back up. From a command line he can run edit and make
quick changes easily. However, I need to restrict this user to only the web
directories. I have done with with NTFS permissions, and the user's home
directory is set to the appropriate directory. The user can connect to the
secure telnet server, login, and is placed in his home directory, and can
then do anything needed except use the "dir" command. When attempting to
use the dir command you receive a message "Access is Denied."
Here are the details of the installation: it is a Windows 2000 Advanced
Server machine that is a DC. This is identical to what will be my
production environment.
The user that I am testing with, "Test", is a member of only one user group,
"Test Group." The user has been assigned the home directory of d:\Test.
The Test Group has the following User Rights Assignments under the Local
Security Settings:
Bypass Traverse Checking
Log On Locally
It also gains Access This Computer From The Network via the Everyone
listing.
The Drive where the home directory is located, D:\, has the following
permissions:
Domain Admins: Full Control
Domain Users: Full Control
The home directory of the user, d:\Test, does not inherit permissions from
parent, and has the following permissions:
Domain Admins: Full Control
Domain Users: Full Control
Test Group: Full Control
The ability to login and not go anywhere else works perfectly. The test
user cannot get out of that directory, and can maneuver through the sub
directories, and edit files, just fine. The test user just can't run the
"dir" command. This makes the access very cumbersome to use.
It seems to me that it is related to the security structure within windows,
since the dir command is not part of the telnet app, but part of the command
prompt on windows. If anyone has any ideas I'd appreciate it.
Thanks,
Derek Grimme
IT Manager
DoxEMR