Author
18 Mar 2005 10:03 PM
David
I'm trying to utilize my HOSTS file to tighten security for internet use.
What permissions do I need to set so Power Users can't change, or maybe
even view it, but allow Administrator Full Control?

--
David

Author
19 Mar 2005 4:42 PM
Andrei Ungureanu
Have you tried using NTFS permissions?


--
Andrei Ungureanu
www.eventid.net
Free Windows event logs reports
http://www.altairtech.ca/evlog/

"David" <dturner4_1***@yahoo.com> wrote in message
news:uV4eBZALFHA.3928@TK2MSFTNGP09.phx.gbl...
> I'm trying to utilize my HOSTS file to tighten security for internet use.
> What permissions do I need to set so Power Users can't change, or maybe
> even view it, but allow Administrator Full Control?
>
> --
> David
Author
19 Mar 2005 9:03 PM
David
Andrei Ungureanu wrote

> have you tried using NTFS permissions?

Those are the ones I'm asking about. I want the HOSTS file to affect all
users, but only Administrators (me) to be able to view/edit it. When I look
under Security tab of file's Properties, I'm not sure who (I want minimum)
I should Add beyond Administrators and which of those boxes (assuming Full
Control for Administrators) I should check. All the generic explanations of
Read, Execute, etc. I've read are for geekier people than me. I need
something like "If you want, do this."

The reason I'm asking is I've had a HOSTS file for quite some time with
only Administrators listed under Security (thought that's all I needed to
secure it if no others were Added) and recently found out (to my dismay)
that nothing in it was getting blocked when other Users browsed the Web.

--
David
Author
20 Mar 2005 3:20 PM
Andrei Ungureanu
I'm still not understanding what you really want.
If only Administrators group is listed in the security tab then this file
can't be modified or even viewed by normal users. Are you sure that those
users are not part of the Administrators group?


--
Andrei Ungureanu
www.eventid.net
Free Windows event logs reports
http://www.altairtech.ca/evlog/

"David" <dturner4_1***@yahoo.com> wrote in message
news:eWDiLcMLFHA.2764@tk2msftngp13.phx.gbl...
> Andrei Ungureanu wrote
>
>> have you tried using NTFS permissions?
>
> Those are the ones I'm asking about. I want the HOSTS file to affect all
> users, but only Administrators (me) to be able to view/edit it. When I
> look
> under Security tab of file's Properties, I'm not sure who (I want minimum)
> I should Add beyond Administrators and which of those boxes (assuming Full
> Control for Administrators) I should check. All the generic explanations
> of
> Read, Execute, etc. I've read are for geekier people than me. I need
> something like "If you want, do this."
>
> The reason I'm asking is I've had a HOSTS file for quite some time with
> only Administrators listed under Security (thought that's all I needed to
> secure it if no others were Added) and recently found out (to my dismay)
> that nothing in it was getting blocked when other Users browsed the Web.
>
> --
> David
Author
21 Mar 2005 12:07 AM
David
Andrei Ungureanu wrote

> I'm still not understanding what you really want.
> If only Administrators group is listed in the security tab then this
> file can't be modified or even viewed by normal users. Are you sure
> that those users are not part of the Administrators group?

I've recently discovered:
With only Administrators group listed, then HOSTS file has no effect on the
two 'Power Users' (the only other users set up on these machines and *not*
part of the Administrators group).

I don't want them to have *any* access to the HOSTS file, but still have it
affect them.

I think I've accomplished that (no access) by limiting permissions on the
folder where HOSTS resides to Administrators.

See follow up to Gary Smith for what is currently working "as desired".

--
David
Author
20 Mar 2005 10:55 PM
Gary Smith
Maybe this will help.  These are default settings.  On my system,
Administrators and SYSTEM have Full Control.  I don't know what the effect
of removing SYSTEM might be, but if your system isn't behaving the way you
want, I'd put it back.  In addition, Users and Power Users have Read &
Execute permission.  Since ordinary users don't have any permissions for
the file on your system, that could be why it doesn't work for them.


David <dturner4_1***@yahoo.com> wrote:
> Andrei Ungureanu wrote

>> have you tried using NTFS permissions?

> Those are the ones I'm asking about. I want the HOSTS file to affect all
> users, but only Administrators (me) to be able to view/edit it. When I look
> under Security tab of file's Properties, I'm not sure who (I want minimum)
> I should Add beyond Administrators and which of those boxes (assuming Full
> Control for Administrators) I should check. All the generic explanations of
> Read, Execute, etc. I've read are for geekier people than me. I need
> something like "If you want, do this."

> The reason I'm asking is I've had a HOSTS file for quite some time with
> only Administrators listed under Security (thought that's all I needed to
> secure it if no others were Added) and recently found out (to my dismay)
> that nothing in it was getting blocked when other Users browsed the Web.


--
Gary L. Smith                gls***@yahoo.com
Columbus, Ohio
Author
20 Mar 2005 11:42 PM
David
Gary Smith wrote

> Maybe this will help.  These are default settings.  On my system,
> Administrators and SYSTEM have Full Control.  I don't know what the
> effect of removing SYSTEM might be, but if your system isn't behaving
> the way you want, I'd put it back.  In addition, Users and Power Users
> have Read & Execute permission.  Since ordinary users don't have any
> permissions for the file on your system, that could be why it doesn't
> work for them.

Thanks for your input.

I've been using trial and error to do this which "works":
Add(ed) 'Administrators' & gave Full Control
SYSTEM is absent
There are no 'Users', only 'Power Users'.
Add(ed) them by specific account name, leaving default Read & Execute

Your post indicates I could Remove those and just Add 'Power Users'.

I guess my confusion arises when I ponder how a HOSTS file could be
Execute(d), and whether 'Read' alone would suffice.

Still learning,
--
David
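
A read-only check for the permission layout discussed in this thread (Administrators and SYSTEM with Full Control, other accounts able to read the file but not change it), added here as an example and not posted by anyone in the thread. It assumes PowerShell and the standard HOSTS location under %SystemRoot%; the function name Test-HostsAcl is hypothetical.

```powershell
# Added example: read-only audit of the HOSTS file ACL; it changes nothing.
function Test-HostsAcl {
    param(
        # Assumed standard location; pass -Path to check a different file.
        [string]$Path = (Join-Path $env:SystemRoot 'System32\drivers\etc\hosts')
    )
    $rights  = [System.Security.AccessControl.FileSystemRights]
    $sidType = [System.Security.Principal.SecurityIdentifier]
    # Well-known SIDs, so the check does not depend on localized group names.
    $trusted = @{ 'S-1-5-32-544' = 'Administrators'; 'S-1-5-18' = 'SYSTEM' }
    $full    = [int]$rights::FullControl
    $read    = [int]$rights::ReadData
    $write   = [int]($rights::WriteData -bor $rights::AppendData -bor $rights::Delete -bor
                     $rights::ChangePermissions -bor $rights::TakeOwnership)

    $hasFull = @{}; $nonAdminRead = $false; $findings = @()
    # Explicit and inherited rules, with identities returned as SIDs.
    $rules = (Get-Acl -LiteralPath $Path).GetAccessRules($true, $true, $sidType)
    foreach ($rule in $rules) {
        if ($rule.AccessControlType -ne 'Allow') { continue }
        $sid  = $rule.IdentityReference.Value
        $mask = [int]$rule.FileSystemRights
        if ($trusted.ContainsKey($sid)) {
            if (($mask -band $full) -eq $full) { $hasFull[$sid] = $true }
            continue
        }
        # Any other principal: read access is expected, write access is a finding.
        if (($mask -band $read) -ne 0) { $nonAdminRead = $true }
        if (($mask -band $write) -ne 0) {
            $findings += "WRITE: $sid can change the file ($($rule.FileSystemRights))"
        }
    }
    foreach ($sid in $trusted.Keys) {
        if (-not $hasFull[$sid]) { $findings += "MISSING: $($trusted[$sid]) lacks Full Control" }
    }
    if (-not $nonAdminRead) {
        $findings += 'NOREAD: no account outside Administrators/SYSTEM is allowed Read'
    }
    return $findings
}

$result = Test-HostsAcl
if ($result) { $result } else { 'HOSTS ACL matches the layout described in the thread' }
```

A NOREAD finding corresponds to the Administrators-only ACL that David reported as having no effect for his other accounts.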