I am having a problem with making folders completely
secure on my computer with Windows XP. There are
currently 5 users, all with different levels of security
on specific folders. I tried the encryption route, but
that didnt work too well so i tried setting permissions
for all my users from the admin account, but when i went
into the other accounts, i found that the other users
could change access levels of the rest of the users, they
could allow/disallow privlidges on folders. I do not want
anyone to be able to change permissions except for the
admin account. If possible i would like to not allow the
security tab in the properties of a folder to be displayed
at all to anyone except for the admin. How can i prevent
this from happening....does it have something to do with
auditing? *HELP*

Stay away from encryption until you fully understand these documents
to keep from permanently losing the data.
EFS is very good at what it does and there is no back door.
http://www.microsoft.com/windowsxp/pro/techinfo/administration/recovery/default.asp
(58 pages)
http://support.microsoft.com/?id=223316

Is file system NTFS? you need to be for any kind of security.
Disable Simple File Sharing:
http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q307874&

Are other users Administrators?
Any Administrator can do and undo anything any Administrator can do.
You are best to have two accounts for yourself, Administrator for
administrative tasks and Limited User for everything else.
All other accounts should be Limited Users otherwise they can do
anything as Administrator.
Each user that desires privacy should also set a password.

--
Jupiter Jones
An easier way to read newsgroup messages:
http://www.microsoft.com/windowsxp/pro/using/newsgroups/setup.asp
Please respond to newsgroup only for everyone's benefit.


"GHS-Apathy" > wrote in message
...
> I am having a problem with making folders completely
> secure on my computer with Windows XP. There are
> currently 5 users, all with different levels of security
> on specific folders. I tried the encryption route, but
> that didnt work too well so i tried setting permissions
> for all my users from the admin account, but when i went
> into the other accounts, i found that the other users
> could change access levels of the rest of the users, they
> could allow/disallow privlidges on folders. I do not want
> anyone to be able to change permissions except for the
> admin account. If possible i would like to not allow the
> security tab in the properties of a folder to be displayed
> at all to anyone except for the admin. How can i prevent
> this from happening....does it have something to do with
> auditing? *HELP*

ok, heres a run down on how the computer is setup...

im a student at greenwich highschool in 11th grade. in
the computer graphics classroom that iam in, there are
multiple computers. only one of them has windows xp at
the moment, so im trying to figure out how to setup the
security on that computer so we can set it up on all the
rest of the computers when XP is put on them.

now on the one computer with windows xp, there will be a
total of 5 users. 1 admin, and 4 (limited access) users
with different levels of access. there are 5 different
programs, and each level of user has a different level of
access to each program. 3 users might have access to
program A while 2 users have no access at all.

i have setup all the accounts, and created dummy program
folders for testing the security. so i set permissions
for all the different users for the programs. everything
from there works fine, but there is a problem. if i go
into the user with the lowest level of access, i can still
goto the security tab and change access for all the other
users. i do not want anyone to be able to change
permissions but the admin. the users are only being
denyed/allowed access to 5 different folders all shared in
the shared documents folder. the ONLY problem i have is
that anyone can go in and add/remove and alter the
permissions for any of the users. i want only the admin
to have those rights. how do i change it so that no other
user can change any of the permissions. when i use
advanced permission editing from the admin account, i set
it so that the other user is not able to read/change/take
ownership of the folder. but when i go into the other
user, i try to view security on the folder and something
pops up saying that i cant change anything about the
permissions, but it says that i can "take ownership or
edit the auditing". so i go in as the limited user, make
myself the owner and now i can add/change/remove/edit the
permissions and security. now obviously most people wont
go this far to try to do all this, but if there is 1
person that will, then they can screw it up for everyone
else. help me again ---GHS-Apathy

>-----Original Message-----
>Stay away from encryption until you fully understand
these documents
>to keep from permanently losing the data.
>EFS is very good at what it does and there is no back
door.
>http://www.microsoft.com/windowsxp/pro/techinfo/administra
tion/recovery/default.asp
>(58 pages)
>http://support.microsoft.com/?id=223316
>
>Is file system NTFS? you need to be for any kind of
security.
>Disable Simple File Sharing:
>http://support.microsoft.com/default.aspx?scid=KB;EN-
US;Q307874&
>
>Are other users Administrators?
>Any Administrator can do and undo anything any
Administrator can do.
>You are best to have two accounts for yourself,
Administrator for
>administrative tasks and Limited User for everything else.
>All other accounts should be Limited Users otherwise they
can do
>anything as Administrator.
>Each user that desires privacy should also set a password.
>
>--
>Jupiter Jones
>An easier way to read newsgroup messages:
>http://www.microsoft.com/windowsxp/pro/using/newsgroups/se
tup.asp
>Please respond to newsgroup only for everyone's benefit.
>
>
>"GHS-Apathy" > wrote in message
...
>> I am having a problem with making folders completely
>> secure on my computer with Windows XP. There are
>> currently 5 users, all with different levels of security
>> on specific folders. I tried the encryption route, but
>> that didnt work too well so i tried setting permissions
>> for all my users from the admin account, but when i went
>> into the other accounts, i found that the other users
>> could change access levels of the rest of the users,
they
>> could allow/disallow privlidges on folders. I do not
want
>> anyone to be able to change permissions except for the
>> admin account. If possible i would like to not allow
the
>> security tab in the properties of a folder to be
displayed
>> at all to anyone except for the admin. How can i
prevent
>> this from happening....does it have something to do with
>> auditing? *HELP*
>
>
>.
>

Can they change the access for items under any profile or just theirs.
Users and Administrators can control the files.

--
Jupiter Jones
An easier way to read newsgroup messages:
http://www.microsoft.com/windowsxp/pro/using/newsgroups/setup.asp
Please respond to newsgroup only for everyone's benefit.


"GHS-Apathy" > wrote in message
...
> ok, heres a run down on how the computer is setup...
>
> im a student at greenwich highschool in 11th grade. in
> the computer graphics classroom that iam in, there are
> multiple computers. only one of them has windows xp at
> the moment, so im trying to figure out how to setup the
> security on that computer so we can set it up on all the
> rest of the computers when XP is put on them.
>
> now on the one computer with windows xp, there will be a
> total of 5 users. 1 admin, and 4 (limited access) users
> with different levels of access. there are 5 different
> programs, and each level of user has a different level of
> access to each program. 3 users might have access to
> program A while 2 users have no access at all.
>
> i have setup all the accounts, and created dummy program
> folders for testing the security. so i set permissions
> for all the different users for the programs. everything
> from there works fine, but there is a problem. if i go
> into the user with the lowest level of access, i can still
> goto the security tab and change access for all the other
> users. i do not want anyone to be able to change
> permissions but the admin. the users are only being
> denyed/allowed access to 5 different folders all shared in
> the shared documents folder. the ONLY problem i have is
> that anyone can go in and add/remove and alter the
> permissions for any of the users. i want only the admin
> to have those rights. how do i change it so that no other
> user can change any of the permissions. when i use
> advanced permission editing from the admin account, i set
> it so that the other user is not able to read/change/take
> ownership of the folder. but when i go into the other
> user, i try to view security on the folder and something
> pops up saying that i cant change anything about the
> permissions, but it says that i can "take ownership or
> edit the auditing". so i go in as the limited user, make
> myself the owner and now i can add/change/remove/edit the
> permissions and security. now obviously most people wont
> go this far to try to do all this, but if there is 1
> person that will, then they can screw it up for everyone
> else. help me again ---GHS-Apathy
>
> >-----Original Message-----
> >Stay away from encryption until you fully understand
> these documents
> >to keep from permanently losing the data.
> >EFS is very good at what it does and there is no back
> door.
> >http://www.microsoft.com/windowsxp/pro/techinfo/administra
> tion/recovery/default.asp
> >(58 pages)
> >http://support.microsoft.com/?id=223316
> >
> >Is file system NTFS? you need to be for any kind of
> security.
> >Disable Simple File Sharing:
> >http://support.microsoft.com/default.aspx?scid=KB;EN-
> US;Q307874&
> >
> >Are other users Administrators?
> >Any Administrator can do and undo anything any
> Administrator can do.
> >You are best to have two accounts for yourself,
> Administrator for
> >administrative tasks and Limited User for everything else.
> >All other accounts should be Limited Users otherwise they
> can do
> >anything as Administrator.
> >Each user that desires privacy should also set a password.
> >
> >--
> >Jupiter Jones
> >An easier way to read newsgroup messages:
> >http://www.microsoft.com/windowsxp/pro/using/newsgroups/se
> tup.asp
> >Please respond to newsgroup only for everyone's benefit.
> >
> >
> >"GHS-Apathy" > wrote in message
> ...
> >> I am having a problem with making folders completely
> >> secure on my computer with Windows XP. There are
> >> currently 5 users, all with different levels of security
> >> on specific folders. I tried the encryption route, but
> >> that didnt work too well so i tried setting permissions
> >> for all my users from the admin account, but when i went
> >> into the other accounts, i found that the other users
> >> could change access levels of the rest of the users,
> they
> >> could allow/disallow privlidges on folders. I do not
> want
> >> anyone to be able to change permissions except for the
> >> admin account. If possible i would like to not allow
> the
> >> security tab in the properties of a folder to be
> displayed
> >> at all to anyone except for the admin. How can i
> prevent
> >> this from happening....does it have something to do with
> >> auditing? *HELP*
> >
> >
> >.
> >

This "Users and Administrators can control the files."
Should have been "Users and Administrators can control the files in
the users own profile."

--
Jupiter Jones
Check the following link for some great problem solving newsgroups.
http://support.microsoft.com/newsgroups/default.aspx
Please respond to newsgroup only. Everyone can benefit from the
message.


"Jupiter Jones" > wrote in message
...
> Can they change the access for items under any profile or just
theirs.
> Users and Administrators can control the files.
>
> --
> Jupiter Jones
> An easier way to read newsgroup messages:
> http://www.microsoft.com/windowsxp/pro/using/newsgroups/setup.asp
> Please respond to newsgroup only for everyone's benefit.
>
>
> "GHS-Apathy" > wrote in message
> ...
> > ok, heres a run down on how the computer is setup...
> >
> > im a student at greenwich highschool in 11th grade. in
> > the computer graphics classroom that iam in, there are
> > multiple computers. only one of them has windows xp at
> > the moment, so im trying to figure out how to setup the
> > security on that computer so we can set it up on all the
> > rest of the computers when XP is put on them.
> >
> > now on the one computer with windows xp, there will be a
> > total of 5 users. 1 admin, and 4 (limited access) users
> > with different levels of access. there are 5 different
> > programs, and each level of user has a different level of
> > access to each program. 3 users might have access to
> > program A while 2 users have no access at all.
> >
> > i have setup all the accounts, and created dummy program
> > folders for testing the security. so i set permissions
> > for all the different users for the programs. everything
> > from there works fine, but there is a problem. if i go
> > into the user with the lowest level of access, i can still
> > goto the security tab and change access for all the other
> > users. i do not want anyone to be able to change
> > permissions but the admin. the users are only being
> > denyed/allowed access to 5 different folders all shared in
> > the shared documents folder. the ONLY problem i have is
> > that anyone can go in and add/remove and alter the
> > permissions for any of the users. i want only the admin
> > to have those rights. how do i change it so that no other
> > user can change any of the permissions. when i use
> > advanced permission editing from the admin account, i set
> > it so that the other user is not able to read/change/take
> > ownership of the folder. but when i go into the other
> > user, i try to view security on the folder and something
> > pops up saying that i cant change anything about the
> > permissions, but it says that i can "take ownership or
> > edit the auditing". so i go in as the limited user, make
> > myself the owner and now i can add/change/remove/edit the
> > permissions and security. now obviously most people wont
> > go this far to try to do all this, but if there is 1
> > person that will, then they can screw it up for everyone
> > else. help me again ---GHS-Apathy
> >
> > >-----Original Message-----
> > >Stay away from encryption until you fully understand
> > these documents
> > >to keep from permanently losing the data.
> > >EFS is very good at what it does and there is no back
> > door.
> > >http://www.microsoft.com/windowsxp/pro/techinfo/administra
> > tion/recovery/default.asp
> > >(58 pages)
> > >http://support.microsoft.com/?id=223316
> > >
> > >Is file system NTFS? you need to be for any kind of
> > security.
> > >Disable Simple File Sharing:
> > >http://support.microsoft.com/default.aspx?scid=KB;EN-
> > US;Q307874&
> > >
> > >Are other users Administrators?
> > >Any Administrator can do and undo anything any
> > Administrator can do.
> > >You are best to have two accounts for yourself,
> > Administrator for
> > >administrative tasks and Limited User for everything else.
> > >All other accounts should be Limited Users otherwise they
> > can do
> > >anything as Administrator.
> > >Each user that desires privacy should also set a password.
> > >
> > >--
> > >Jupiter Jones
> > >An easier way to read newsgroup messages:
> > >http://www.microsoft.com/windowsxp/pro/using/newsgroups/se
> > tup.asp
> > >Please respond to newsgroup only for everyone's benefit.
> > >
> > >
> > >"GHS-Apathy" > wrote in message
> > ...
> > >> I am having a problem with making folders completely
> > >> secure on my computer with Windows XP. There are
> > >> currently 5 users, all with different levels of security
> > >> on specific folders. I tried the encryption route, but
> > >> that didnt work too well so i tried setting permissions
> > >> for all my users from the admin account, but when i went
> > >> into the other accounts, i found that the other users
> > >> could change access levels of the rest of the users,
> > they
> > >> could allow/disallow privlidges on folders. I do not
> > want
> > >> anyone to be able to change permissions except for the
> > >> admin account. If possible i would like to not allow
> > the
> > >> security tab in the properties of a folder to be
> > displayed
> > >> at all to anyone except for the admin. How can i
> > prevent
> > >> this from happening....does it have something to do with
> > >> auditing? *HELP*
> > >
> > >
> > >.
> > >
>
>

the files are not in anyones specific profile, they are in
the shared documents folder so that anyone can access them
from the central folder. But even if the files/folders
were just in someones profile, or if they are in a shared
documents folder like they are now, shouldnt the
administrator account be able to allow/disallow security
privlidges. ive made it so that some accounts have access
to some of the files in the shared documents folder, and
that works fine unless one of the other user accounts goes
in and changed the ownership and begins to modify stuff.


>-----Original Message-----
>This "Users and Administrators can control the files."
>Should have been "Users and Administrators can control
the files in
>the users own profile."
>
>--
>Jupiter Jones
>Check the following link for some great problem solving
newsgroups.
>http://support.microsoft.com/newsgroups/default.aspx
>Please respond to newsgroup only. Everyone can benefit
from the
>message.
>
>
>"Jupiter Jones" > wrote in
message
...
>> Can they change the access for items under any profile
or just
>theirs.
>> Users and Administrators can control the files.
>>
>> --
>> Jupiter Jones
>> An easier way to read newsgroup messages:
>>
http://www.microsoft.com/windowsxp/pro/using/newsgroups/set
up.asp
>> Please respond to newsgroup only for everyone's benefit.
>>
>>
>> "GHS-Apathy" > wrote in message
>> ...
>> > ok, heres a run down on how the computer is setup...
>> >
>> > im a student at greenwich highschool in 11th grade.
in
>> > the computer graphics classroom that iam in, there are
>> > multiple computers. only one of them has windows xp
at
>> > the moment, so im trying to figure out how to setup
the
>> > security on that computer so we can set it up on all
the
>> > rest of the computers when XP is put on them.
>> >
>> > now on the one computer with windows xp, there will
be a
>> > total of 5 users. 1 admin, and 4 (limited access)
users
>> > with different levels of access. there are 5
different
>> > programs, and each level of user has a different
level of
>> > access to each program. 3 users might have access to
>> > program A while 2 users have no access at all.
>> >
>> > i have setup all the accounts, and created dummy
program
>> > folders for testing the security. so i set
permissions
>> > for all the different users for the programs.
everything
>> > from there works fine, but there is a problem. if i
go
>> > into the user with the lowest level of access, i can
still
>> > goto the security tab and change access for all the
other
>> > users. i do not want anyone to be able to change
>> > permissions but the admin. the users are only being
>> > denyed/allowed access to 5 different folders all
shared in
>> > the shared documents folder. the ONLY problem i have
is
>> > that anyone can go in and add/remove and alter the
>> > permissions for any of the users. i want only the
admin
>> > to have those rights. how do i change it so that no
other
>> > user can change any of the permissions. when i use
>> > advanced permission editing from the admin account, i
set
>> > it so that the other user is not able to
read/change/take
>> > ownership of the folder. but when i go into the other
>> > user, i try to view security on the folder and
something
>> > pops up saying that i cant change anything about the
>> > permissions, but it says that i can "take ownership or
>> > edit the auditing". so i go in as the limited user,
make
>> > myself the owner and now i can add/change/remove/edit
the
>> > permissions and security. now obviously most people
wont
>> > go this far to try to do all this, but if there is 1
>> > person that will, then they can screw it up for
everyone
>> > else. help me again ---GHS-Apathy
>> >
>> > >-----Original Message-----
>> > >Stay away from encryption until you fully understand
>> > these documents
>> > >to keep from permanently losing the data.
>> > >EFS is very good at what it does and there is no back
>> > door.
>> >
>http://www.microsoft.com/windowsxp/pro/techinfo/administra
>> > tion/recovery/default.asp
>> > >(58 pages)
>> > >http://support.microsoft.com/?id=223316
>> > >
>> > >Is file system NTFS? you need to be for any kind of
>> > security.
>> > >Disable Simple File Sharing:
>> > >http://support.microsoft.com/default.aspx?scid=KB;EN-
>> > US;Q307874&
>> > >
>> > >Are other users Administrators?
>> > >Any Administrator can do and undo anything any
>> > Administrator can do.
>> > >You are best to have two accounts for yourself,
>> > Administrator for
>> > >administrative tasks and Limited User for everything
else.
>> > >All other accounts should be Limited Users otherwise
they
>> > can do
>> > >anything as Administrator.
>> > >Each user that desires privacy should also set a
password.
>> > >
>> > >--
>> > >Jupiter Jones
>> > >An easier way to read newsgroup messages:
>> >
>http://www.microsoft.com/windowsxp/pro/using/newsgroups/se
>> > tup.asp
>> > >Please respond to newsgroup only for everyone's
benefit.
>> > >
>> > >
>> > >"GHS-Apathy" > wrote in message
>> > ...
>> > >> I am having a problem with making folders
completely
>> > >> secure on my computer with Windows XP. There are
>> > >> currently 5 users, all with different levels of
security
>> > >> on specific folders. I tried the encryption
route, but
>> > >> that didnt work too well so i tried setting
permissions
>> > >> for all my users from the admin account, but when
i went
>> > >> into the other accounts, i found that the other
users
>> > >> could change access levels of the rest of the
users,
>> > they
>> > >> could allow/disallow privlidges on folders. I do
not
>> > want
>> > >> anyone to be able to change permissions except for
the
>> > >> admin account. If possible i would like to not
allow
>> > the
>> > >> security tab in the properties of a folder to be
>> > displayed
>> > >> at all to anyone except for the admin. How can i
>> > prevent
>> > >> this from happening....does it have something to
do with
>> > >> auditing? *HELP*
>> > >
>> > >
>> > >.
>> > >
>>
>>
>
>
>.
>