Sunday, August 12, 2012

Securing Access to Windows 7 Folder from Everyone but a Single User

Today I had to perform a fairly specific task: restrict access to a Windows 7 folder to a single user. I think I found the way to do it properly, and it is not a straightforward task. Before I forget, I might keep a record of all actions required because I did not find a clear sequence anywhere on the net. It will only take 10 easy steps.

Let's assume there is a folder called Bob's Documents where only Bob, and not even the Admin>, should have access.

  1. Right-click on Bob's Documents and select Properties

    2. Select Bob's Documents Properties

  2. Bob's Documents Properties window will open. Switch to Security tab and click Advanced button.

    3. Bob's Documents Properties

  3. Advanced Security Settings for Bob's Documents will open. On the Permissions tab, Click Change Permissions button.

    4. Advanced Security Settings for Bob's Documents

  4. Another window will open. Unfortunately, it's too called Advanced Security Settings for Bob's Documents, adding to confusion. In this new window, untick Include inheritable permissions from this object's parent - that will simplify things a lot, because we only care about permissions to this folder, not its parent folder.

    5. Advanced Security Settings for Bob's Documents - but not the same one!

  5. As soon as the chechbox is unticked, a warning called Windows Security will pop up. Since we're getting rid of parent permissions, click Remove.

    6. Windows Security warning

  6. All permissions should have disappeared from the Permission entries. Now click Add.
  7. Select User or Group window will open. In Enter the object name to select, type Bob and click Check Names to make sure there is no typo. Bob's name should resolve to PCName\Bob.

    8. Select User or Group

  8. Click OK. Now the Permissions Entry for Bob's Documents window will pop up. Let's give Bob full control - click the checkbox across from Full Control under Allow. All other checkboxes under Allow will select automatically. Click OK to close this window.

    9. Permissions Entry for Bob's Documents

  9. About done. Click OK in Advanced Security Settings for Bob's Documents to close it, and in another Advanced Security Settings for Bob's Documents to close it too, and OK in Bob's Documents Properties.
  10. Try to browse to Bob's Documents. Even if you're on Administrator account, you should not be able to, but you should if you are logged in as Bob.

    11. Permissions are set

by . Also posted on my website
Posted by at 4:35 PM
Labels: ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)