Register

Forgot Password

Site FAQ

Home > IT Answers > Networking > Denying Windows network access

Windows Security ATE

160 pts.

Denying Windows network access

Network access, Windows Security, Windows XP

I run a computer lab in a high school. We have a multi-platform environment with 12 XP Pro machines, six Windows 2000 machines and eight Vista Home machines. We are experiencing problems with students accessing class folders and deleting files. All students log in as student. I need a strategy to prevent all student users from moving and or deleting files. They need to be able to add files to their grade level, folders.

Software/Hardware used:

ASKED: February 26, 2008 3:58 PM

UPDATED: February 29, 2008 11:36 PM

RELATED QUESTIONS

Answer Wiki:

You would do this with NTFS permissions. I would start off by creating a group that would contain all the students. Add the deny delete permission to this user to the folders and/or files that need to be more secured. At the community college where I teach, we allow read only to shared resources and then set up a student share where students can upload/copy files to that does not allow deletion.

Last Wiki Answer Submitted: February 27, 2008 4:23 pm by Jerry Lees

5,320 pts.

All Answer Wiki Contributors: Jerry Lees

5,320 pts.

To see all answers submitted to the Answer Wiki: View Answer History.

RSS - Discussions Help

Discuss This Question:

_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

POSTED: Feb 29, 2008 8:11 PM (GMT)

The answer provided certainly works, but I would also add that it will be tough to keep all of the user accounts for students, teachers, and others that you create synchronized across all of your machines without an Active Directory domain, something you can get from Windows 2000 Server, Windows Server 2003, or the newly released Windows Server 2008. You’ll be forced to make any change on all of the machines, as they will not share account information among themselves.

You might be better off to look for an old machine and an unused, genuine copy of Windows 2000 Server and join all of the machines (except the Vista Home machines — Vista Home cannot join a domain) to the domain, and then create your groups and users on the domain controller.

JonHassell

55 pts.

POSTED: Feb 29, 2008 11:36 PM (GMT)

What JonHassell stated is absolutely correct. You really need to implement a domain model because the level of administrative effort required to maintain more than 10 local computers really adds up. Doing so will allow administration and access to network resources to be centralized. You can also then better segregate groups and data; however, the eight Windows Vista Home computers would have to be upgraded or replaced.

Wrobinson

5,610 pts.

Ask a Question

Browse IT Answers by Topic

>>VIEW ALL TAGS

Community Blog | About Us | Contact Us | FAQ | Terms of Use | DMCA Policy

TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organization's IT projects - with its network of technology-specific Web sites, events and magazines.
All Rights Reserved, Copyright 1999-2013, TechTarget | Read our Privacy Policy
Questions and Answers Index 1 | Questions and Answers Index 2 | IT Topics Index 1 | IT Topics Index 2 | Blogs Index | Blogs Tags