|
server
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
Permissions Quandry
This might be a real dumbo question, but I don't know how to do it - I'm thick basically :0) Each class in our school has their own user account as part of the Win2k3/AD/GPO setup. When they login, their My Docs is redirected to a folder on the server, usual setup nothing fancy. Inside the My Docs folder we have created individual folders for each pupil in the class. What I want to do is set the permissions so that the children can't rename or delete these pupil folders, but they can do anything they want inside these folders. It's just so that the folders stay where they are, don't have 'Sam Boyle999999999999999999999' names, etc Anybody who works in primary schools will know the probs. As the pupils are classed as Domain Users and the Teachers are classed as Teachers (user-defined??) and Domain Users, I also want it so that when the teachers login they have full control over these folders, ie they can rename, delete, etc. So in essence I believe that the security window for these folders will consist of 1 set of click boxes for domain users (ie the pupils) and one set of click boxes for the teachers, but I don't know what to click. Another thing to note is that the permissions on these folders currently cascade down from the master so I believe I have to uncheck the inherit box - correct? Is this possible? Thanks Hello,
you shouldn't put these folders inside My Docs. My docs is meant to be private and personal to users. Opening acccess of My docs to other users will go contrary to the MS philosophy. You should create a network drive that will provide this setup. If you have windows 2003, you may add ABE (Access Based Enumeration), so pupil won't see folders on which they don't have right, and won't be tempted to alterate them http://www.microsoft.com/downloads/details.aspx?FamilyID=04A563D9-78D9-4342-A485-B030AC442084&displaylang=en Show quote "Blackberry" <info@NoSpamIt.com> wrote in message news:uVud9bQ$HHA.536@TK2MSFTNGP06.phx.gbl... > Hi All > > This might be a real dumbo question, but I don't know how to do it - I'm > thick basically :0) > > Each class in our school has their own user account as part of the > Win2k3/AD/GPO setup. > > When they login, their My Docs is redirected to a folder on the server, > usual setup nothing fancy. > > Inside the My Docs folder we have created individual folders for each > pupil > in the class. > > What I want to do is set the permissions so that the children can't rename > or delete these pupil folders, but they can do anything they want inside > these folders. It's just so that the folders stay where they are, don't > have 'Sam Boyle999999999999999999999' names, etc Anybody who works in > primary schools will know the probs. > > As the pupils are classed as Domain Users and the Teachers are classed as > Teachers (user-defined??) and Domain Users, I also want it so that when > the > teachers login they have full control over these folders, ie they can > rename, delete, etc. > > So in essence I believe that the security window for these folders will > consist of 1 set of click boxes for domain users (ie the pupils) and one > set > of click boxes for the teachers, but I don't know what to click. > > Another thing to note is that the permissions on these folders currently > cascade down from the master so I believe I have to uncheck the inherit > box - correct? > > Is this possible? > > Thanks > > > Hi Mathieu
Many thanks for all the help today. Its like you've been my personal helper :0) To explain re this setup, the kids are only 3 - 7 years old and trying to get them all to remember or even type in their own login would take half of their ICT time! In the end we went for a generic 'per class' login and no password and then in the My Docs area associated to that class there are individual folders for each child. This way they can't inadvertently delete or save their work in any other folder, but their class' work. Just to tighten this up a bit further I wanted to set the security so that the kids couldn't inadvertently delete or rename the folders, but is this not possible? We have a 'homes' drive that shows all the classes to the teacher logins and I wanted to give the teacher's access so that they could rename/delete these same files - again, is this not possible? Thanks "Mathieu CHATEAU" <gollum***@free.fr> wrote in message you shouldn't put these folders inside My Docs.news:%23z6R3NS$HHA.5328@TK2MSFTNGP05.phx.gbl... Hello, My docs is meant to be private and personal to users. Opening acccess of My docs to other users will go contrary to the MS philosophy. You should create a network drive that will provide this setup. If you have windows 2003, you may add ABE (Access Based Enumeration), so pupil won't see folders on which they don't have right, and won't be tempted to alterate them http://www.microsoft.com/downloads/details.aspx?FamilyID=04A563D9-78D9-4342-A485-B030AC442084&displaylang=en Show quote "Blackberry" <info@NoSpamIt.com> wrote in message news:uVud9bQ$HHA.536@TK2MSFTNGP06.phx.gbl... > Hi All > > This might be a real dumbo question, but I don't know how to do it - I'm > thick basically :0) > > Each class in our school has their own user account as part of the > Win2k3/AD/GPO setup. > > When they login, their My Docs is redirected to a folder on the server, > usual setup nothing fancy. > > Inside the My Docs folder we have created individual folders for each > pupil > in the class. > > What I want to do is set the permissions so that the children can't rename > or delete these pupil folders, but they can do anything they want inside > these folders. It's just so that the folders stay where they are, don't > have 'Sam Boyle999999999999999999999' names, etc Anybody who works in > primary schools will know the probs. > > As the pupils are classed as Domain Users and the Teachers are classed as > Teachers (user-defined??) and Domain Users, I also want it so that when > the > teachers login they have full control over these folders, ie they can > rename, delete, etc. > > So in essence I believe that the security window for these folders will > consist of 1 set of click boxes for domain users (ie the pupils) and one > set > of click boxes for the teachers, but I don't know what to click. > > Another thing to note is that the permissions on these folders currently > cascade down from the master so I believe I have to uncheck the inherit > box - correct? > > Is this possible? > > Thanks > > > "Blackberry" <info@NoSpamIt.com> wrote in message I take it then that the teacher logs the computer into the (shared) class news:O9ovvsS$HHA.1208@TK2MSFTNGP03.phx.gbl... > Hi Mathieu > > Many thanks for all the help today. > > Its like you've been my personal helper :0) > > To explain re this setup, the kids are only 3 - 7 years old and trying to > get them all to remember or even type in their own login would take half > of > their ICT time! account. > In the end we went for a generic 'per class' login and no password If it is the students logging in, then surely some of them will figure out how to log in to the other class' accounts - no need to even guess a password. > and then But they can save their work in the folder of a classmate, or even delete > in the My Docs area associated to that class there are individual folders > for each child. This way they can't inadvertently delete or save their > work > in any other folder, but their class' work. his or her files, inadvertently or otherwise. > Just to tighten this up a bit further I wanted to set the security so that Probably possible, but your arrangement is fraught with problems if there is > the kids couldn't inadvertently delete or rename the folders, but is this > not possible? no protection on the content of those folders. /Al Show quote > We have a 'homes' drive that shows all the classes to the teacher logins > and > I wanted to give the teacher's access so that they could rename/delete > these > same files - again, is this not possible? > > Thanks > > > > "Mathieu CHATEAU" <gollum***@free.fr> wrote in message > news:%23z6R3NS$HHA.5328@TK2MSFTNGP05.phx.gbl... > Hello, > > you shouldn't put these folders inside My Docs. > My docs is meant to be private and personal to users. Opening acccess of > My > docs to other users will go contrary to the MS philosophy. > > You should create a network drive that will provide this setup. > > If you have windows 2003, you may add ABE (Access Based Enumeration), so > pupil won't see folders on which they don't have right, and won't be > tempted to alterate them > http://www.microsoft.com/downloads/details.aspx?FamilyID=04A563D9-78D9-4342-A485-B030AC442084&displaylang=en > > > > -- > Cordialement, > Mathieu CHATEAU > http://lordoftheping.blogspot.com > > > "Blackberry" <info@NoSpamIt.com> wrote in message > news:uVud9bQ$HHA.536@TK2MSFTNGP06.phx.gbl... >> Hi All >> >> This might be a real dumbo question, but I don't know how to do it - I'm >> thick basically :0) >> >> Each class in our school has their own user account as part of the >> Win2k3/AD/GPO setup. >> >> When they login, their My Docs is redirected to a folder on the server, >> usual setup nothing fancy. >> >> Inside the My Docs folder we have created individual folders for each >> pupil >> in the class. >> >> What I want to do is set the permissions so that the children can't >> rename >> or delete these pupil folders, but they can do anything they want inside >> these folders. It's just so that the folders stay where they are, don't >> have 'Sam Boyle999999999999999999999' names, etc Anybody who works in >> primary schools will know the probs. >> >> As the pupils are classed as Domain Users and the Teachers are classed as >> Teachers (user-defined??) and Domain Users, I also want it so that when >> the >> teachers login they have full control over these folders, ie they can >> rename, delete, etc. >> >> So in essence I believe that the security window for these folders will >> consist of 1 set of click boxes for domain users (ie the pupils) and one >> set >> of click boxes for the teachers, but I don't know what to click. >> >> Another thing to note is that the permissions on these folders currently >> cascade down from the master so I believe I have to uncheck the inherit >> box - correct? >> >> Is this possible? >> >> Thanks >> >> >> > > ok, i better understand ...
It's not again ugly hacker, just to protect themselves ;) You may have security warning in the event log, because windows expect exclusive access to MyDoc from the owner. Show quote "Blackberry" <info@NoSpamIt.com> wrote in message news:O9ovvsS$HHA.1208@TK2MSFTNGP03.phx.gbl... > Hi Mathieu > > Many thanks for all the help today. > > Its like you've been my personal helper :0) > > To explain re this setup, the kids are only 3 - 7 years old and trying to > get them all to remember or even type in their own login would take half > of > their ICT time! > > In the end we went for a generic 'per class' login and no password and > then > in the My Docs area associated to that class there are individual folders > for each child. This way they can't inadvertently delete or save their > work > in any other folder, but their class' work. > > Just to tighten this up a bit further I wanted to set the security so that > the kids couldn't inadvertently delete or rename the folders, but is this > not possible? > > We have a 'homes' drive that shows all the classes to the teacher logins > and > I wanted to give the teacher's access so that they could rename/delete > these > same files - again, is this not possible? > > Thanks > > > > "Mathieu CHATEAU" <gollum***@free.fr> wrote in message > news:%23z6R3NS$HHA.5328@TK2MSFTNGP05.phx.gbl... > Hello, > > you shouldn't put these folders inside My Docs. > My docs is meant to be private and personal to users. Opening acccess of > My > docs to other users will go contrary to the MS philosophy. > > You should create a network drive that will provide this setup. > > If you have windows 2003, you may add ABE (Access Based Enumeration), so > pupil won't see folders on which they don't have right, and won't be > tempted to alterate them > http://www.microsoft.com/downloads/details.aspx?FamilyID=04A563D9-78D9-4342-A485-B030AC442084&displaylang=en > > > > -- > Cordialement, > Mathieu CHATEAU > http://lordoftheping.blogspot.com > > > "Blackberry" <info@NoSpamIt.com> wrote in message > news:uVud9bQ$HHA.536@TK2MSFTNGP06.phx.gbl... >> Hi All >> >> This might be a real dumbo question, but I don't know how to do it - I'm >> thick basically :0) >> >> Each class in our school has their own user account as part of the >> Win2k3/AD/GPO setup. >> >> When they login, their My Docs is redirected to a folder on the server, >> usual setup nothing fancy. >> >> Inside the My Docs folder we have created individual folders for each >> pupil >> in the class. >> >> What I want to do is set the permissions so that the children can't >> rename >> or delete these pupil folders, but they can do anything they want inside >> these folders. It's just so that the folders stay where they are, don't >> have 'Sam Boyle999999999999999999999' names, etc Anybody who works in >> primary schools will know the probs. >> >> As the pupils are classed as Domain Users and the Teachers are classed as >> Teachers (user-defined??) and Domain Users, I also want it so that when >> the >> teachers login they have full control over these folders, ie they can >> rename, delete, etc. >> >> So in essence I believe that the security window for these folders will >> consist of 1 set of click boxes for domain users (ie the pupils) and one >> set >> of click boxes for the teachers, but I don't know what to click. >> >> Another thing to note is that the permissions on these folders currently >> cascade down from the master so I believe I have to uncheck the inherit >> box - correct? >> >> Is this possible? >> >> Thanks >> >> >> > >  |
|||||||||||||||||||||||
Other interesting topics