Deny users access to all but one folder!
I'm trying to setup a guest account that users can login into to access email (through firefox), play DVDs (through WinDVD) and type out documents (using wordpad). I've managed to secure the shell (progman) and other programs for use with this account, but one BIG loophole still remains: the common dialog box that ...
I'm trying to setup a guest account that users can login into to access email (through firefox), play DVDs (through WinDVD) and type out documents (using wordpad).
I've managed to secure the shell (progman) and other programs for use with this account, but one BIG loophole still remains: the common dialog box that is used by firefox and wordpad to open/save files.
I want users to be able to save and load files from the "share documents" folder, but I don't want them to be able to access (ie read/list/write/execute) from ANY other folder/drive or UNC.
This is proving impossible as obviously certain files need to be accessed from the hard disks for the profile (and associated apps) to load properly.
I can hide the drives, but that doesn't prevent users from opening files they know the precise path of by typing it into the location box. This is a real problem, how do the rest of you manage?
I've managed to secure the shell (progman) and other programs for use with this account, but one BIG loophole still remains: the common dialog box that is used by firefox and wordpad to open/save files.
I want users to be able to save and load files from the "share documents" folder, but I don't want them to be able to access (ie read/list/write/execute) from ANY other folder/drive or UNC.
This is proving impossible as obviously certain files need to be accessed from the hard disks for the profile (and associated apps) to load properly.
I can hide the drives, but that doesn't prevent users from opening files they know the precise path of by typing it into the location box. This is a real problem, how do the rest of you manage?
Participate on our website and join the conversation
This topic is archived. New comments cannot be posted and votes cannot be cast.
