File security (advanced)

  • Thread starter Thread starter Scott
  • Start date Start date
S

Scott

I have more than one user on my computer. I have disabled
the simple filesharing folder view feature so that I can
individually set the access rights to each individual
file.

I am also able to set those permissions so that the other
user cannot access the file. However, there seems to be a
problem. Regardless of what I try, the other user can
always take ownership of the file, and then from there
edit the security settings and read the file.

Is there a way for one user to prevent other users of
that same system from accessing files on a computer?
Thank you for any assistance you can provide.

Scott H.
 
Hi Scott,

One way is to Encrypt. EFS is built in.

308989 HOW TO: Encrypt a Folder in Windows XP
http://support.microsoft.com/?id=308989

307877 HOW TO: Encrypt a File in Windows XP
http://support.microsoft.com/?id=307877

223316 Best Practices for the Encrypting File System
http://support.microsoft.com/?id=223316

821737 A User Who Has Permissions to Change the Folder Attributes Can Now
http://support.microsoft.com/?id=821737

308991 HOW TO: Share Access to an Encrypted File in Windows XP
http://support.microsoft.com/?id=308991

248723 INFO: Understanding Encrypted Directories
http://support.microsoft.com/?id=248723

=========

This posting is provided "AS IS" with no warranties, and confers no rights.

Windows XP Security Homepage:
http://www.microsoft.com/windowsxp/security/default.asp

Windows 2000 Security Homepage:
http://www.microsoft.com/windows2000/security/default.asp

Top 10 Windows Newsgroups Security Questions:
http://www.microsoft.com/technet/newsgroups/default.asp?url=/technet/newsgro
ups/nodepages/sectop10.asp

=========
Paul Hayes, MCSE
Product Support Services
Microsoft Corporation
(e-mail address removed)

--------------------
| Sender: "Scott" <[email protected]>
| Subject: File security (advanced)
| Date: Thu, 29 Jan 2004 15:56:04 -0800
|
| I have more than one user on my computer. I have disabled
| the simple filesharing folder view feature so that I can
| individually set the access rights to each individual
| file.
|
| I am also able to set those permissions so that the other
| user cannot access the file. However, there seems to be a
| problem. Regardless of what I try, the other user can
| always take ownership of the file, and then from there
| edit the security settings and read the file.
|
| Is there a way for one user to prevent other users of
| that same system from accessing files on a computer?
| Thank you for any assistance you can provide.
|
| Scott H.
|
 
Hi Scott,

Also, have you tested with Limited User Accounts?

Administrators have implicit ability to take ownership of files, but not so
<as I recall> for Limited Users

=========

This posting is provided "AS IS" with no warranties, and confers no rights.

Windows XP Security Homepage:
http://www.microsoft.com/windowsxp/security/default.asp

Windows 2000 Security Homepage:
http://www.microsoft.com/windows2000/security/default.asp

Top 10 Windows Newsgroups Security Questions:
http://www.microsoft.com/technet/newsgroups/default.asp?url=/technet/newsgro
ups/nodepages/sectop10.asp

=========
Paul Hayes, MCSE
Product Support Services
Microsoft Corporation
(e-mail address removed)


--------------------
| From: "Scott" <[email protected]>
| Subject: File security (advanced)
| Date: Thu, 29 Jan 2004 15:56:04 -0800
|
| I have more than one user on my computer. I have disabled
| the simple filesharing folder view feature so that I can
| individually set the access rights to each individual
| file.
|
| I am also able to set those permissions so that the other
| user cannot access the file. However, there seems to be a
| problem. Regardless of what I try, the other user can
| always take ownership of the file, and then from there
| edit the security settings and read the file.
|
| Is there a way for one user to prevent other users of
| that same system from accessing files on a computer?
| Thank you for any assistance you can provide.
|
| Scott H.
|
 
Greetings --

Make sure that the other user does _not_ have administrative
privileges. Any user with administrative privileges can always take
ownership.

Bruce Chambers

--
Help us help you:



You can have peace. Or you can have freedom. Don't ever count on
having both at once. -- RAH
 
GPEDIT.MSC can be used to remove the Administrators group from the Take Ownership role, and a specific username can be assigned.
 
Thanks for the backup Bruce and Doug!

Pauly

--------------------
| From: "Doug Knox MS-MVP" <[email protected]>
| Subject: Re: File security (advanced)
| Date: Fri, 30 Jan 2004 10:57:05 -0500
|
| GPEDIT.MSC can be used to remove the Administrators group from the Take
Ownership role, and a specific username can be assigned.
| --
| Doug Knox, MS-MVP Windows XP/ Windows Smart Display
| Win 95/98/Me/XP Tweaks and Fixes
| http://www.dougknox.com
| --------------------------------
| Per user Group Policy Restrictions for XP Home and XP Pro
| http://www.dougknox.com/xp/utils/xp_securityconsole.htm
| --------------------------------
| Please reply only to the newsgroup so all may benefit.
| Unsolicited e-mail is not answered.
|
| > Greetings --
| >
| > Make sure that the other user does _not_ have administrative
| > privileges. Any user with administrative privileges can always take
| > ownership.
| >
| > Bruce Chambers

=========

This posting is provided "AS IS" with no warranties, and confers no rights.

Windows XP Security Homepage:
http://www.microsoft.com/windowsxp/security/default.asp

Windows 2000 Security Homepage:
http://www.microsoft.com/windows2000/security/default.asp

Top 10 Windows Newsgroups Security Questions:
http://www.microsoft.com/technet/newsgroups/default.asp?url=/technet/newsgro
ups/nodepages/sectop10.asp

=========
Paul Hayes, MCSE
Product Support Services
Microsoft Corporation
(e-mail address removed)
 
Greetings --

Thanks for that tidbit of info, Doug.

Bruce Chambers

--
Help us help you:



You can have peace. Or you can have freedom. Don't ever count on
having both at once. -- RAH


GPEDIT.MSC can be used to remove the Administrators group from the
Take Ownership role, and a specific username can be assigned.
 
Greetings --

You're welcome.

Bruce Chambers

--
Help us help you:



You can have peace. Or you can have freedom. Don't ever count on
having both at once. -- RAH
 
Back
Top