Announcement

Collapse
No announcement yet.

Net file for non-administrators?

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Net file for non-administrators?

    I have got users complaining they are not able to use "net file" that now they are not administrators (blame my predecessor for making everyone a domain admin! - isn't that a sackable offense or something?)

    Is there a way that I can grant them the right to use net file but still not be administrators? We are in a Windows 2003 active directory and most of the client workstations are Windows 2000 Professional or XP Professional.

  • #2
    Re: Net file for non-administrators?

    what do you mean with net file?????
    Will this help you?
    http://www.microsoft.com/technet/pro....mspx?mfr=true
    Marcel
    Technical Consultant
    Netherlands
    http://www.phetios.com
    http://blog.nessus.nl

    MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
    "No matter how secure, there is always the human factor."

    "Enjoy life today, tomorrow may never come."
    "If you're going through hell, keep going. ~Winston Churchill"

    Comment


    • #3
      Re: Net file for non-administrators?

      That doesn't seem to be what I need.

      By net file I mean the ability to run the net command in a command prompt window.

      eg. Start -> Run -> cmd.exe

      then

      c:\> net file

      Comment


      • #4
        Re: Net file for non-administrators?

        Well it is as they doent have the ntfs permissions
        Grand users the net.exe. However i don't know why regular users needs it...
        Cause:

        "NET FILE" displays all the open shared files on a server and the lock-id
        "NET FILE id /CLOSE" Closes a shared file (disconnect other users and remove file locks)


        File System Policies
        You can use File System policies to configure security for files and folders and control security auditing of files and folders. For example, to ensure that only administrators can modify system files and folders, you can use File System policies to grant administrators full control over system files and folders and to grant read-only permission to other users. You can also use File System policies to prevent certain users from viewing files and folders.

        You can use File System policies to audit user activity affecting files and folders when auditing is enabled. You can specify which users and which user events are logged for both failed and successful events.
        Marcel
        Technical Consultant
        Netherlands
        http://www.phetios.com
        http://blog.nessus.nl

        MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
        "No matter how secure, there is always the human factor."

        "Enjoy life today, tomorrow may never come."
        "If you're going through hell, keep going. ~Winston Churchill"

        Comment


        • #5
          Re: Net file for non-administrators?

          The permissions on the net.exe file are by default read and execute for normal users. Shouldn't this be enough? I don't think it is just the file permissions on the binary itself, there must be something the binary accesses or has rights to change that normal users don't have the right to.

          Comment


          • #6
            Re: Net file for non-administrators?

            Originally posted by humbletech99 View Post
            The permissions on the net.exe file are by default read and execute for normal users. Shouldn't this be enough? I don't think it is just the file permissions on the binary itself, there must be something the binary accesses or has rights to change that normal users don't have the right to.
            I guess you might need elevated rghts on the file you were trying to close itself, or a "User Right" in the OS that is only given to elevated users. At every organisation I've ever worked since Win2k came out, closing a file which was locked needed a call to the service desk, and in some places the service desk had to pass the work to a server team to do.


            Tom
            For my own and your protection, I do not provide support by private message under any circumstances. All such messages will be deleted and ignored.

            Anything you say will be misquoted and used against you

            Comment


            • #7
              Re: Net file for non-administrators?

              If I can't let my users run net.exe without admin rights and I really don't want to give them that, even local admin rights to their workstations, then can you suggest another tool which will allow them to tell who is using a file across the network on their machine without requiring elevated privileges?

              Comment


              • #8
                Re: Net file for non-administrators?

                Originally posted by humbletech99 View Post
                If I can't let my users run net.exe without admin rights and I really don't want to give them that, even local admin rights to their workstations, then can you suggest another tool which will allow them to tell who is using a file across the network on their machine without requiring elevated privileges?
                Users are sharing files from WHERE?!?! don't you have a file server with a shared area which is backed up?!


                Tom
                For my own and your protection, I do not provide support by private message under any circumstances. All such messages will be deleted and ignored.

                Anything you say will be misquoted and used against you

                Comment


                • #9
                  Re: Net file for non-administrators?

                  ha ha... indeed. This company has done everything historically wrong, I'm changing all that, but I just wanted to know if I could get this work for now until I ween them off this stupid practice and put all that junk on another central file server.

                  Comment


                  • #10
                    Re: Net file for non-administrators?

                    Originally posted by humbletech99 View Post
                    ha ha... indeed. This company has done everything historically wrong, I'm changing all that, but I just wanted to know if I could get this work for now until I ween them off this stupid practice and put all that junk on another central file server.
                    The way to wean them off this practice is to tell them that business files stored on workstations are UNSUPPORTED. Trust me, they'll soon be looking for elsewhere to store the files when you won't respond to any calls about missing files, files corrupted by bad exits from apps, files deleted by mistake, files they can't open etc etc etc. Also, there are ways of redirecting their "My Documents" folders, hiding the C: drive, mapping network drives etc in Policy and via login scripts.

                    When they call about local files they can't open, just laugh at them and point them to their "M" drive or whatever instead.


                    Tom
                    For my own and your protection, I do not provide support by private message under any circumstances. All such messages will be deleted and ignored.

                    Anything you say will be misquoted and used against you

                    Comment


                    • #11
                      Re: Net file for non-administrators?

                      yes I agree and know all of what you are talking about except hiding the C drive. How is that done, I don't recall seeing a gpo or something for that... does it require something to be added software wise?

                      Comment


                      • #12
                        Re: Net file for non-administrators?

                        Originally posted by Stonelaughter View Post
                        When they call about local files they can't open, just laugh at them and point them to their "M" drive or whatever instead.
                        Yes, many ways to do it... just don't forget who pays your salary.

                        Originally posted by humbletech99 View Post
                        yes I agree and know all of what you are talking about except hiding the C drive. How is that done, I don't recall seeing a gpo or something for that... does it require something to be added software wise?
                        http://support.microsoft.com/kb/231289
                        Last edited by JeremyW; 16th November 2006, 16:56. Reason: More stuff
                        Regards,
                        Jeremy

                        Network Consultant/Engineer
                        Baltimore - Washington area and beyond
                        www.gma-cpa.com

                        Comment

                        Working...
                        X