I'm having a real hard time finding anything relevant to this on either DaniWeb or the rest of the web. I have a WinXP Pro computer on a domain (Win2K3 server), and I want to make a folder (and more to the point, a specific program) on that computer inaccessible to anybody but local administrators (which includes domain admins, as well as a couple domain users). The folder is located on C:\; it's not in any special folders like Program Files or Documents and Settings or anything. I've tried all the varieties of permissions I can think of, to the point of removing permission inheriting, removing all permissions, and then manually adding in, user-by-user, only the people who should have access...and yet I go to effective permissions and enter a random domain user, and it shows that they would get Full Control, which I verified by grabbing a random person who had never even logged on to that particular machine before and having them log in and then create a new folder inside the folder that is supposed to be restricted, open files, etc., which they were able to do no problemo.
What facepalm-worthy obvious thing am I missing here? Surely there's a way to make it so everyone on the domain doesn't have full control of files on whatever machine they're logged on to?