Using Windows Vista. What is the correct and best way to prevent access to an entire drive (not the C windows drive) for a particular user? Probably I prefer an NTFS solution rather than hiding drive letters.
When I look on the Security tab of the drive's properties I see:
Group or usernames:
Authenticated Users
SYSTEM
Administrators (MyComputer\Administrators)
Users (MyComputer\Users)
I'm not sure if I should be adding a deny permission or removing an existing permission and I don't understand how the Authenticated Users combines with Users (or with the specific user if I add them)
Best Answer
"Deny" permissions overrule "Allow". When Windows encounters a Deny that matches the current user, it stops looking and denies the access. It therefore doesn't matter how many groups would allow your particular user, once you've denied him, he's out.