- Jan 24, 2009
- 12
- 0
- 18,510
Hello all,
Back again with another brain buster, at least for me.
So to get right into it I decided to setup a small file share across my home network using an alternate account that can only access the shared folders and only has 3 folders available to it that it can add/delete items to/from. Simple enough.
My problem is that when I use the alternate account to login to my box remotely (RDP) I am able to make any changes to the computer I want including being able to change folder permissions, change the administrator login information, etc... as if that account has admin rights to the box. I have attempted to use the Parental controls to disable that account from being able to use any application at all but I can simply remote in with the alternate account and change them back, giving me full access to everything once again.
The alternate account is ONLY in the USERS group and I have been able to impliment a workaround for this by denying terminal services to the USERS group via secpol.msc but I am still able to use one of the other PC's in my home to edit folder permissions thus destroying the shared data if I so choose to.
What I would like to know is how can I create a user account that is only used to map to folders and not able to change any of the permissions?
I think I just confused myself so if you need more clarification please let me know what info you need....ANY help is appreciated, thank you!
Back again with another brain buster, at least for me.
So to get right into it I decided to setup a small file share across my home network using an alternate account that can only access the shared folders and only has 3 folders available to it that it can add/delete items to/from. Simple enough.
My problem is that when I use the alternate account to login to my box remotely (RDP) I am able to make any changes to the computer I want including being able to change folder permissions, change the administrator login information, etc... as if that account has admin rights to the box. I have attempted to use the Parental controls to disable that account from being able to use any application at all but I can simply remote in with the alternate account and change them back, giving me full access to everything once again.
The alternate account is ONLY in the USERS group and I have been able to impliment a workaround for this by denying terminal services to the USERS group via secpol.msc but I am still able to use one of the other PC's in my home to edit folder permissions thus destroying the shared data if I so choose to.
What I would like to know is how can I create a user account that is only used to map to folders and not able to change any of the permissions?
I think I just confused myself so if you need more clarification please let me know what info you need....ANY help is appreciated, thank you!
Facebook
Twitter
Instagram