I'm having a real hard time finding anything relevant to this on either DaniWeb or the rest of the web. I have a WinXP Pro computer on a domain (Win2K3 server), and I want to make a folder (and more to the point, a specific program) on that computer inaccessible to anybody but local administrators (which includes domain admins, as well as a couple domain users). The folder is located on C:\; it's not in any special folders like Program Files or Documents and Settings or anything. I've tried all the varieties of permissions I can think of, to the point of removing permission inheriting, removing all permissions, and then manually adding in, user-by-user, only the people who should have access...and yet I go to effective permissions and enter a random domain user, and it shows that they would get Full Control, which I verified by grabbing a random person who had never even logged on to that particular machine before and having them log in and then create a new folder inside the folder that is supposed to be restricted, open files, etc., which they were able to do no problemo.

What facepalm-worthy obvious thing am I missing here? Surely there's a way to make it so everyone on the domain doesn't have full control of files on whatever machine they're logged on to?

10 Years
Discussion Span
Last Post by jmassey

The only way I can think of to limit access to local files would be to set "Deny" to everyone on your domain, then you would have to use a local account to gain access to it. But I dont recommend doing this. Another option would be to use software such as PGP to encrypt files you dont want others to see, this is the most secure method and is least likely to cause problems with access restrictions on your domain

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.