Announcement

Collapse
No announcement yet.

Windows 2003 workgroup (read only account)

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Windows 2003 workgroup (read only account)

    Hi,

    So I did my search and found some good solid advice, but it didn't answer what i'm looking for. If it's been asked before, and an answer of the question has been given. then I apologies in advance.

    Here's my scenario.
    I have 5 Windows 2003 machine running some apps Weblogic. I've installed Terminal services. So that a single user can login.

    Now, I would like to create a group and then add a user(s) as needed. I would like
    make that user READ ONLY to the entire C drive. This user doesn't to write/create or modify any files. Just again read only.

    Right now the of course the Default Share is enabled c$
    What i'm thinking that i need to do is create -
    Share the C (without removing the default c$)
    Then change the permission in the advance tab, Permission -
    - then add the group that i want to have read only.
    So i'm here's where i'm curious concern.

    Which read/only boxes i need?
    Once i create the user, do i need first login to the box so that it creates the files/folders (profile) so that once i enable/change the permission it won't need have any problems.

    Basically at the end the user won't have any rights but to view the folders once they login. Nothing else.

    Thank you!

    oops.. btw.. would i have to worry about anything within terminal services as far permission is concern?

  • #2
    Re: Windows 2003 workgroup (read only account)

    Instead of share permissions I would use NTFS permissions as they are more granualr and you can do more with them.

    Instead of changing the default permissions on the C:\ drive why not just move your TS into an OU and apply group policy to the OU to restrict access to the C:\ drive and remove it from explorer?

    There are plenty of resources out there with information on Group Policy and how to apply it.

    Michael
    Michael Armstrong
    www.m80arm.co.uk
    MCITP: EA, MCTS, MCSE 2003, MCSA 2003: Messaging, CCA, VCP 3.5, 4, 5, VCAP5-DCD, VCAP5-DCA, ITIL, MCP, PGP Certified Technician

    ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **

    Comment


    • #3
      Re: Windows 2003 workgroup (read only account)

      I read "workgroup" in the title of the thread to read "no domain"

      Perhaps the OP could clarify?

      If there is a domain, GPOs are the way to go!
      Tom Jones
      MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
      PhD, MSc, FIAP, MIITT
      IT Trainer / Consultant
      Ossian Ltd
      Scotland

      ** Remember to give credit where credit is due and leave reputation points where appropriate **

      Comment


      • #4
        Re: Windows 2003 workgroup (read only account)

        Act first, think later. The story of my life

        My bad!

        Michael
        Michael Armstrong
        www.m80arm.co.uk
        MCITP: EA, MCTS, MCSE 2003, MCSA 2003: Messaging, CCA, VCP 3.5, 4, 5, VCAP5-DCD, VCAP5-DCA, ITIL, MCP, PGP Certified Technician

        ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **

        Comment


        • #5
          Re: Windows 2003 workgroup (read only account)

          Hi Folks,

          Thank you for all the replies.. I"m sorry that couldn't reply back right away.

          First, i wanted to clarify. there is no Domain, the servers are in a workgroup. so a group policy won't work. (please correct me if i'm wrong here)As i know if i had a group policy then i would go this route.

          With that said, I'm assuming that i'm correct with the share permission or with just modifying (adding) the group i created for that user and then going to the advance properties and just adding the group, change it to have read only.

          Is this correct?
          Last edited by gdmaddox; 17th March 2008, 21:06.

          Comment


          • #6
            Re: Windows 2003 workgroup (read only account)

            Ok. so here what i ended up doing. Please correct me if i'm wrong or doesn't seem right to you.

            So, i created that
            1) created a group (for easy future account creation)
            2) created and added that user to that group.
            3) removed any anything else in that group is a member off
            4) Went to C drive
            5) Went to the Share/Security Setting.
            6) Added the group to that C
            7) Placed the Check mark on the following:
            a) Read and Execute
            b) List folders Contents
            c) Read
            d) Deny Write.
            Then test it out (after of course I logged in previously with that users so that it already created the necessary profile information.

            Does that make sense of what i did? If not please correct me if i'm wrong.
            thanks in advance!

            So the goal here was have a user(s) in a workgroup environment that will use terminal services to have only the ability to have read only access Nothing else.

            Comment

            Working...
            X