XP and protecting folders

Tue Jan 13, 2004 11:41 am

It's been awhile since mcse school. I just converted my hard drive I use for archiving files and such to NTFS. I did this so I could decide who has access to specific folders on the drive. I remember this under win2000, but now I am using XP. The thing is it only let's me turn sharing on and off. I want to designate the users that are allowed access to the folders on that drive.

Is this possible under XP Pro?

Tue Jan 13, 2004 11:49 am

To display the Security tab
Open Folder Options in Control Panel.
Click Start, point to Settings, and then click Control Panel.
Double-click Folder Options
.
On the View tab, under Advanced settings, clear Use simple file sharing [Recommended

Once you do this you can take ownership just like NT/2000 or set the right for each file and folder.

Tue Jan 13, 2004 11:54 am

does this help?

http://www.udel.edu/timmins/FileSharingXP/

Tue Jan 13, 2004 11:57 am

For all XP questions, check out tweakxp.com!

Tue Jan 13, 2004 12:12 pm

Thank ya mate. Would you have a sec to enlighten me concerning rights. I want to make sure that no one other than the admins can do anything with the folder. I prefer that no one see it, but I know if I remove everyone then it will also kill the admins rights too, right?

Tue Jan 13, 2004 12:23 pm

rt mugz. Should I just "deny all" to the users group? Would that lock the admins out also? I wouldn't think so because the admins are not a member of users.

I remember from class that you can essentially lock the admins out if your not carefull with the deny option.

Tue Jan 13, 2004 12:35 pm

1) create a group for admins
2) add that group to any admin's profile
3) give authority to only the 'admin' group for the files/folders that only admins should have access to

Tue Jan 13, 2004 12:41 pm

But what about the eveyone group? If I remove it in a sense don't I lock everyone out including the admins?

I should create a practice folder for this

Tue Jan 13, 2004 12:43 pm

if i recall correctly, you don't need everyone when the admin group has permissions. easy to test!

Tue Jan 13, 2004 12:58 pm

Originally posted by -HaVoC-
But what about the eveyone group? If I remove it in a sense don't I lock everyone out including the admins?

I should create a practice folder for this

Think of all groups as a subset of the everyone group.

If you did not assign the 'admin' group to the file/folder then yes you would be locking the admins out. Otherwise you are just giving access to that file/folder to the group 'admin' and anyone who belongs to that group.

Tue Jan 13, 2004 1:19 pm

Also remember that rights are based on the most restrictive.

Folder A can be read by the "users" group
Folder A can be read/writen to by the "admin" group

Bob is a member of the "users" group and "admin" group.
Bob can't write to Folder A

Tue Jan 13, 2004 2:25 pm

restrictive is the issue especially with deny. If you enable deny to the everyone group then you essential lock yourself out. I'll practice later and post my results. Damn how the mind forgets...

Tue Jan 13, 2004 2:38 pm

Well I have a test folder. I added the administrators and removed the everyone group. Basically at this point I can access the items with the guest account but I am unable to modify the contents as a guest.

I want NO ONE other than the admin to see the contents of this folder.

Tue Jan 13, 2004 2:40 pm

I think as an admin you can retake possesion of the folder at anytime

Tue Jan 13, 2004 2:41 pm

is it on a shared drive? can you hide the folder?

did you set permissions on the files or the folder?

try explicitly excluding all groups (except admin) from listing the contents of the folder?