Use this page to manage Dynamic Local User (DLU) file system access on Windows* NT*/2000/XP workstations and Terminal Servers. You can control access to entire directories or to individual files.
For example, if the Dynamic Local User policy creates the user as a member of a group that does not give access to a directory required to run an application, you can use this page to explicitly grant the required directory rights. Or, if the user has Full Control rights to a directory, you can use this page to limit rights to any of the directory's files.
File Rights
The File Rights list displays the directories and files to which the user has
been explicitly assigned file system rights. When you select a directory or
file in the list, the assigned rights are shown in the File Rights box below
the list. For an explanation of each of these rights (Full Control, Read, Write,
Execute, Grant Permissions, and Take Ownership), please refer to the Microsoft*
Windows operating system documentation.
Subdirectories inherit the rights assigned to their parent directories. For example, if you assign Full Control rights to the c:\program files directory, the user automatically receives Full Control rights to the subdirectories of the c:\program files directory.
Up-Arrow and Down-Arrow
Use the up-arrow and down-arrow on the right side of the File Rights list to
reposition entries in the list.
Directory rights are assigned in the order the directories are listed, from top to bottom. Because of directory rights inheritance, if a directory and its subdirectory are listed, the subdirectory must be listed after its parent directory. This ensures that the subdirectory's explicitly assigned rights will not be overridden by rights inherited from its parent directory.
File rights always take precedence over directory rights, regardless of their position in the list. For example, if you assign Full Control rights to the c:\program files directory and Read and Execute rights to the c:\program files\sample.txt file, the user is assigned Read and Execute rights to the file regardless of whether the file is listed before or after the directory.
It is possible to block the inheritance of rights on the NTFS files system, and under Windows XP, by default, the Windows directory does not allow rights to be inherited.
Add
Click Add to add a directory or file to the list. You will be prompted to enter
or select the directory or file. The directory or file path must be from the
perspective of the workstation or terminal server where the rights will be assigned.
After you've added a directory or file to the list, select the directory or file, then use the File Rights box to assign the appropriate file rights (Full Control, Read, Write, Execute, Grant Permissions, and Take Ownership).
Edit
Select a directory or file in the list, then click Edit to modify the directory
path or file path.
Delete
Select a directory or file in the list, then click Delete to remove it from
the list.
ZENworks
Desktop Management Online Documentation
A trademark symbol (®, TM, etc.) denotes a Novell trademark. An asterisk denotes a third-party trademark. For information on trademarks, see Legal Notices.