Prevent access to the rshx32.dll file on all your workstations and servers to Administrators and System only. You can do this with a GPO. The user can't access the security tab then and can't change permissions. Unless they know how to use cacls. You could lock the permissions on that file as well through Group Policy.
2010/1/13 Terri Esham <terri.es...@noaa.gov> > We have a Windows 2008 Domain whereby we control access to folders > stored on one of the domain controllers through Active Directory > groups. When a new folder is created on the network file server, we > grant full permissions to the associated active directory group with the > exception of the ability to set and change permissions. > > We just discovered that a user can grant permissions to any folder that > they create under the primary folder because they are the folder > owner. Obviously, I can change ownership to the domain admin, but how > in the world would I keep up with this. I've no idea when a user might > create a sub folder. I stumbled upon the problem because I found a > folder whereby a user had granted the everyone group full rights. I > knew none of the domain admins would do that. After talking with the > owner of the folder, I found out he's been doing it all along. > > Wow! This is a real problem for us because we want to control access > through groups. This one user had shared a bunch of folders using > individual names. Plus, he had no clue what he was doing and just > granted everyone full rights. > > How in the world do you guys handle this? Am I missing something? > > Thanks, Terri > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > -- "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the machine wrong figures, will the right answers come out?' I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question." ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
