What's new

Second Internal Drive Permissions to Block Other Users

rinconmike

Member
Member
I am setting up a new computer with Windows 8.1. I have added a 6TB second drive to the system that I am putting my Files on. I want only the Admin username to have access to this drive and block other users (other users are my kids).

Is blocking other users as simple as going to the security tab and remove "Users(XX\Users)" and just leave Authenticated Users, System, and Administrators? Should I add in this admin username too?

thanks,

Mike
 

My Computer

System One

  • OS
    Windows 7 Ultimate

Brink

Administrator
Administrator
mvp
Hello Mike,

If you like, another option would be to use BitLocker to encrypt the hard drive, and use a password to be able to unlock it. This way no one without the password would be able to access the hard drive.

This would be a lot more secure. Just be sure to back up your BitLocker recovery key to a separate location in case you may need it in the future.

http://www.eightforums.com/tutorials/21115-bitlocker-turn-fixed-data-drives-windows-8-a.html

Hope this helps. :)
 

My Computer

System One

  • OS
    64-bit Windows 10
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Custom self built
    CPU
    Intel i7-8700K OC'd to 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    16 GB (8GBx2) G.SKILL TridentZ DDR4 3200 MHz
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    3 x 27" Asus VE278Q
    Screen Resolution
    1920x1080
    Hard Drives
    1TB Samsung 970 EVO Plus M.2,
    250GB Samsung 960 EVO M.2,
    6TB WD Black WD6001FZWX
    8TB WD MyCloudEX2Ultra NAS
    PSU
    OCZ Series Gold OCZZ1000M 1000W
    Case
    Thermaltake Core P3
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master
    Internet Speed
    1 Gb/s Download and 35 Mb/s Upload
    Browser
    Internet Explorer 11
    Antivirus
    Malwarebyte Anti-Malware Premium
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    Linksys EA9500 router,
    Arris SB8200 cable modem,
    APC SMART-UPS RT 1000 XL - SURT1000XLI,
    Lumia 1520 phone

rinconmike

Member
Member
Thanks. I plan on using this as a server and keep the admin user logged in in the background but another user active. I will then map network drives to this shared drive so the other users on the machine can have some access as well as other computers on my network.

I never used bit locker so not sure if i can map network drives with it. Also, i use dropbox so not sure how that comes into play with bitlocker either. Dropbox folder is on this second drive.

For now, just want to limit access to the drive.

Mike
 

My Computer

System One

  • OS
    Windows 7 Ultimate

Brink

Administrator
Administrator
mvp
I haven't mapped a BitLocker encrypted drive, or used it with sharing before. From the link below, you should be able to, but be sure to see the last post to help avoid losing your shares though.

Losing Network Shares on BitLocker Drive Unlock
 

My Computer

System One

  • OS
    64-bit Windows 10
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Custom self built
    CPU
    Intel i7-8700K OC'd to 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    16 GB (8GBx2) G.SKILL TridentZ DDR4 3200 MHz
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    3 x 27" Asus VE278Q
    Screen Resolution
    1920x1080
    Hard Drives
    1TB Samsung 970 EVO Plus M.2,
    250GB Samsung 960 EVO M.2,
    6TB WD Black WD6001FZWX
    8TB WD MyCloudEX2Ultra NAS
    PSU
    OCZ Series Gold OCZZ1000M 1000W
    Case
    Thermaltake Core P3
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master
    Internet Speed
    1 Gb/s Download and 35 Mb/s Upload
    Browser
    Internet Explorer 11
    Antivirus
    Malwarebyte Anti-Malware Premium
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    Linksys EA9500 router,
    Arris SB8200 cable modem,
    APC SMART-UPS RT 1000 XL - SURT1000XLI,
    Lumia 1520 phone

rinconmike

Member
Member
I do not want to use bit locker. I did a test on one directory and I had to remove the folder inheritance and then remove "Users(XX\Users)" and "Authenticated Users".

I think I am going to do just directories (like by Dropbox and maybe one or two more) and not the entire drive since I may still want to have that user be able to use part of that drive.

Is doing it this way ok or am I going to have issues later on?

thanks,
 

My Computer

System One

  • OS
    Windows 7 Ultimate

Brink

Administrator
Administrator
mvp
Directories would be easier to use for this than the whole drive. Please let us know how it went.
 

My Computer

System One

  • OS
    64-bit Windows 10
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Custom self built
    CPU
    Intel i7-8700K OC'd to 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    16 GB (8GBx2) G.SKILL TridentZ DDR4 3200 MHz
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    3 x 27" Asus VE278Q
    Screen Resolution
    1920x1080
    Hard Drives
    1TB Samsung 970 EVO Plus M.2,
    250GB Samsung 960 EVO M.2,
    6TB WD Black WD6001FZWX
    8TB WD MyCloudEX2Ultra NAS
    PSU
    OCZ Series Gold OCZZ1000M 1000W
    Case
    Thermaltake Core P3
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master
    Internet Speed
    1 Gb/s Download and 35 Mb/s Upload
    Browser
    Internet Explorer 11
    Antivirus
    Malwarebyte Anti-Malware Premium
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    Linksys EA9500 router,
    Arris SB8200 cable modem,
    APC SMART-UPS RT 1000 XL - SURT1000XLI,
    Lumia 1520 phone

rinconmike

Member
Member
thanks. So removing the folder inheritance and then removing "Users(XX\Users)" and "Authenticated Users" sounds correct?.

Also, any reason doing just directories and not the entire drive is easier? The steps appear to be the same with the exception on not having to remove the inheritance.

Last, when I removed the inheritance, I had two options.

"Convert inherited permissions into explicit permissions on this object"

and

"Remove all inherited permissions from this object"

I chose the first. I assume that is correct. Then I removed the two users -
"Users(XX\Users)" and "Authenticated Users".

thanks again.


 

My Computer

System One

  • OS
    Windows 7 Ultimate

Brink

Administrator
Administrator
mvp
It would be the same for the drive and folders with permissions, but you just have more with a drive since it includes all folders as well.

That's correct. You would select "Convert inherited permissions into explicit permissions on this object" to set your own permission settings for a group or user instead of removing them all.

I wouldn't remove "Authenticated Users" or "SYSTEM".

Be sure to also add each user that you want to have access as well. With the "Users" group removed, any user not listed will not have access.

http://www.eightforums.com/tutorial...low-deny-access-users-groups-windows-8-a.html
 

My Computer

System One

  • OS
    64-bit Windows 10
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Custom self built
    CPU
    Intel i7-8700K OC'd to 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    16 GB (8GBx2) G.SKILL TridentZ DDR4 3200 MHz
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    3 x 27" Asus VE278Q
    Screen Resolution
    1920x1080
    Hard Drives
    1TB Samsung 970 EVO Plus M.2,
    250GB Samsung 960 EVO M.2,
    6TB WD Black WD6001FZWX
    8TB WD MyCloudEX2Ultra NAS
    PSU
    OCZ Series Gold OCZZ1000M 1000W
    Case
    Thermaltake Core P3
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master
    Internet Speed
    1 Gb/s Download and 35 Mb/s Upload
    Browser
    Internet Explorer 11
    Antivirus
    Malwarebyte Anti-Malware Premium
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    Linksys EA9500 router,
    Arris SB8200 cable modem,
    APC SMART-UPS RT 1000 XL - SURT1000XLI,
    Lumia 1520 phone

rinconmike

Member
Member
I wouldn't remove "Authenticated Users" or "SYSTEM".

If I do not remove "Authenticated Users" then the other users still have access. Is that suppose to happen?

I read online that "Authenticated Users encompasses all users who have logged in with a username and password." With that, I assume if I do not delete the "Authenticated Users", any standard user would still have access. So I would need to delete "Authenticated Users." Does that sound correct?
 

My Computer

System One

  • OS
    Windows 7 Ultimate

Brink

Administrator
Administrator
mvp
You're correct. I was thinking of something else. :eek:
 

My Computer

System One

  • OS
    64-bit Windows 10
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Custom self built
    CPU
    Intel i7-8700K OC'd to 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    16 GB (8GBx2) G.SKILL TridentZ DDR4 3200 MHz
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    3 x 27" Asus VE278Q
    Screen Resolution
    1920x1080
    Hard Drives
    1TB Samsung 970 EVO Plus M.2,
    250GB Samsung 960 EVO M.2,
    6TB WD Black WD6001FZWX
    8TB WD MyCloudEX2Ultra NAS
    PSU
    OCZ Series Gold OCZZ1000M 1000W
    Case
    Thermaltake Core P3
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master
    Internet Speed
    1 Gb/s Download and 35 Mb/s Upload
    Browser
    Internet Explorer 11
    Antivirus
    Malwarebyte Anti-Malware Premium
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    Linksys EA9500 router,
    Arris SB8200 cable modem,
    APC SMART-UPS RT 1000 XL - SURT1000XLI,
    Lumia 1520 phone

rinconmike

Member
Member
Well, I have it working. But now I want to share the drive with mapped network. Although I add the standard user under permissions for the mapped drive, the standard user has no access. My guess is this has something to do with the settings on the security tab, but I am not sure. maybe if the standard user is not listed under security, even if I add it to the permissions under the sharing, it does not work.

Any ideas?

Mike
 
Last edited:

My Computer

System One

  • OS
    Windows 7 Ultimate

rinconmike

Member
Member
One work around, but not sure if a good idea or not is to go into the Computer Management/Local Users, add another user that I can use for mapped drives.

So I now have "standarduser" and "standarduser2" where "standarduser" has a profile and "standarduser2" is just a username added in the Computer Management.

Now under security tab, I deleted Users and Authenticate Users and did not add in "standarduser" but I did add in "standarduser2" for full control. Then under sharing, I add in "standarduser2" and give permissions I want to (most cases read only and some full). Now under the "standarduser" profile when logged in, I map the network drive but choose use different credentials and use the "standarduser2".

Previous to this new computer, I had one acting as a server and another that the standard user would use. I figured I could get away with one computer that can act as the server under one lohin and allow the "standarduser" to use it under another.

Any better ideas?
 

My Computer

System One

  • OS
    Windows 7 Ultimate

Brink

Administrator
Administrator
mvp

My Computer

System One

  • OS
    64-bit Windows 10
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Custom self built
    CPU
    Intel i7-8700K OC'd to 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    16 GB (8GBx2) G.SKILL TridentZ DDR4 3200 MHz
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    3 x 27" Asus VE278Q
    Screen Resolution
    1920x1080
    Hard Drives
    1TB Samsung 970 EVO Plus M.2,
    250GB Samsung 960 EVO M.2,
    6TB WD Black WD6001FZWX
    8TB WD MyCloudEX2Ultra NAS
    PSU
    OCZ Series Gold OCZZ1000M 1000W
    Case
    Thermaltake Core P3
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master
    Internet Speed
    1 Gb/s Download and 35 Mb/s Upload
    Browser
    Internet Explorer 11
    Antivirus
    Malwarebyte Anti-Malware Premium
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    Linksys EA9500 router,
    Arris SB8200 cable modem,
    APC SMART-UPS RT 1000 XL - SURT1000XLI,
    Lumia 1520 phone

Brink

Administrator
Administrator
mvp
Yeah, the user would need be under security permissions as well.
 

My Computer

System One

  • OS
    64-bit Windows 10
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Custom self built
    CPU
    Intel i7-8700K OC'd to 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    16 GB (8GBx2) G.SKILL TridentZ DDR4 3200 MHz
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    3 x 27" Asus VE278Q
    Screen Resolution
    1920x1080
    Hard Drives
    1TB Samsung 970 EVO Plus M.2,
    250GB Samsung 960 EVO M.2,
    6TB WD Black WD6001FZWX
    8TB WD MyCloudEX2Ultra NAS
    PSU
    OCZ Series Gold OCZZ1000M 1000W
    Case
    Thermaltake Core P3
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master
    Internet Speed
    1 Gb/s Download and 35 Mb/s Upload
    Browser
    Internet Explorer 11
    Antivirus
    Malwarebyte Anti-Malware Premium
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    Linksys EA9500 router,
    Arris SB8200 cable modem,
    APC SMART-UPS RT 1000 XL - SURT1000XLI,
    Lumia 1520 phone

rinconmike

Member
Member
thanks. so I I want to block the standard user from accessing the drive I need to remove Users and Authenticated Users. And if I then want to give access to certain areas of the drive via mapped drive, I need to do my work around. I guess I can just change permissions to other subfolders too instead but I still need to map drives for other computers so my work around may be easier.

Another question. I have another external drive I have been playing with and for that drive, I went ahead and change the security for the entire drive instead of folders. Now, When I go to add back in a user for the entire drive, I get an error on failed to enumerate the recyclebin and system volume. I just hit continue. Is that an issue. Hindsight I should have stuck with what I did on the first drive and just do the top folders and not the whole drive like suggested earlier in the thread.

1. Is this an issue on the failed to enumerate?
2. Anyway to get the drive back to default without formatting it first?

thanks again.
 

My Computer

System One

  • OS
    Windows 7 Ultimate

Brink

Administrator
Administrator
mvp
Another option to block a user is to add them, and check "Deny" for everything.

The failed to enumerate was for it not be able to change the permissions for the recyclebin and system volume. Test to be sure, but it shouldn't matter for them.
 

My Computer

System One

  • OS
    64-bit Windows 10
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Custom self built
    CPU
    Intel i7-8700K OC'd to 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    16 GB (8GBx2) G.SKILL TridentZ DDR4 3200 MHz
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    3 x 27" Asus VE278Q
    Screen Resolution
    1920x1080
    Hard Drives
    1TB Samsung 970 EVO Plus M.2,
    250GB Samsung 960 EVO M.2,
    6TB WD Black WD6001FZWX
    8TB WD MyCloudEX2Ultra NAS
    PSU
    OCZ Series Gold OCZZ1000M 1000W
    Case
    Thermaltake Core P3
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master
    Internet Speed
    1 Gb/s Download and 35 Mb/s Upload
    Browser
    Internet Explorer 11
    Antivirus
    Malwarebyte Anti-Malware Premium
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    Linksys EA9500 router,
    Arris SB8200 cable modem,
    APC SMART-UPS RT 1000 XL - SURT1000XLI,
    Lumia 1520 phone

rinconmike

Member
Member
Another option to block a user is to add them, and check "Deny" for everything.

The failed to enumerate was for it not be able to change the permissions for the recyclebin and system volume. Test to be sure, but it shouldn't matter for them.

Thanks. I will try the deny.

How do I test the the recyclebin and system volume? Those were the only two items it failed to enumerate. From what I see, the only permissions they should have is system, which they have.
 

My Computer

System One

  • OS
    Windows 7 Ultimate

Brink

Administrator
Administrator
mvp
Basically just seeing if the user has access or not for what you set on the drive.
 

My Computer

System One

  • OS
    64-bit Windows 10
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Custom self built
    CPU
    Intel i7-8700K OC'd to 5 GHz
    Motherboard
    ASUS ROG Maximus XI Formula Z390
    Memory
    16 GB (8GBx2) G.SKILL TridentZ DDR4 3200 MHz
    Graphics Card(s)
    ASUS ROG-STRIX-GTX1080TI-O11G-GAMING
    Sound Card
    Integrated Digital Audio (S/PDIF)
    Monitor(s) Displays
    3 x 27" Asus VE278Q
    Screen Resolution
    1920x1080
    Hard Drives
    1TB Samsung 970 EVO Plus M.2,
    250GB Samsung 960 EVO M.2,
    6TB WD Black WD6001FZWX
    8TB WD MyCloudEX2Ultra NAS
    PSU
    OCZ Series Gold OCZZ1000M 1000W
    Case
    Thermaltake Core P3
    Cooling
    Corsair Hydro H115i
    Keyboard
    Logitech wireless K800
    Mouse
    Logitech MX Master
    Internet Speed
    1 Gb/s Download and 35 Mb/s Upload
    Browser
    Internet Explorer 11
    Antivirus
    Malwarebyte Anti-Malware Premium
    Other Info
    Logitech Z625 speaker system,
    Logitech BRIO 4K Pro webcam,
    HP Color LaserJet Pro MFP M477fdn,
    Linksys EA9500 router,
    Arris SB8200 cable modem,
    APC SMART-UPS RT 1000 XL - SURT1000XLI,
    Lumia 1520 phone

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

Top