Gestor de Seguridad - Gestión Avanzada de Archivos

The following settings apply to the access rights the limited user account 'SiteKiosk' will have to the file system.

You cannot use the Security Manager to prevent users from accessing your network volumes. Please keep this in mind in case you have granted network access to certain volumes or paths on other machines.

 

Explanations Concerning The Default Values

User's read/write access
The default settings already provide maximum security because users will be able to access the folder 'My Documents' of the account 'SiteKiosk' only for viewing, saving, or deleting files. They will, however, not be able to execute any files from within this folder.
Note:
Please remember that there will be a folder called 'My Documents' for each individual user. Thus, try and make sure not to grant any access rights to the 'My Documents' folders of other users (administrators).

Running Applications
The folders 'Windows' and 'Program Files' and their equivalents possess read and execution rights. However, they do not have any write access. This ensures that your users will be able to run most of all (necessary) applications.

If you want to make additional applications stored in other folders available to your users, you will have to adjust the access rights accordingly (Read & execute).

For more information, go to the SiteKiosk Help menu and click on Programs.

Config Folder Within SiteKiosk's Installation Folder
For security reasons, you should save the .skcfg files you created with the help of the SiteKiosk configuration tool to the folder 'Config', which is located in SiteKiosk's installation directory. In doing so, you ensure that users will not be able to get access to the XML configuration.

 

Explanations On The Symbols Used In Tree View (Legend)

Note:
Right-Clicking a folder will open a context menu which will allow you to adjust the access rights to this folder. All the subfolders of this folder will then inherit the rights you just defined.

Read Only
Access to folders bearing this symbol is read only, i.e. users will only be allowed to view the content of the folder, but will be unable to save or execute any files.

Read & execute
Access to folders bearing this symbol is read/execute, i.e. users will be allowed to view as well as execute files stored in this folder. This kind of access right is required, for example, to access the folders 'Windows' and 'Program Files'.

No Access
The user account SiteKiosk will have no access rights at all to any folders labeled with this symbol.

Read & write
Access to folders bearing this symbol is read/write, i.e. users will be allowed to both open and save files. You should definitely assign this kind of access right to the folder to which you want your users to be able to save files. You will usually want to assign this right to the folder 'My Documents' of the SiteKiosk user account.
Users will then also be able to delete all files previously saved to this folder.

Full access
For security reasons, you should abstain from assigning this kind of access right altogether because users would then be able to download and execute (potentially harmful) programs from the Internet (provided you permitted downloads using the download manager).

User defined
This option lets you assign the access rights of your choice to each individual folder.

The option 'Specify no access rights' refers to the access rights Windows predefined for this user account.

Folder name printed in green (no inheritance)
As mentioned earlier, all access rights assigned to a parent folder will automatically be inherited by all subfolders. An exception to this rule are all folders whose folder name is printed in green. Whenever you come across such a folder, you will have to configure the access rights manually.

Folder name printed in blue (defined rights)
Whenever you use the Security Manager to apply the default settings or to explicitly define access rights to a certain folder, the folder's name will be written in blue.
The use of different colors will help you to notice at a glance what changes to the access rights have been applied by the Security Manager.