Controlling/restricting multiple users remote file access.

[jbowman]

I established a computer just for clients to login to for their data files. I just getting ready to go live, but noticed under the Properties>Security Tab for several of the more critical folders (Program Files, Users, Windows), includes the following "Group or user names": Users; Administrators; TrustedInstaller; SYSTEM; CREATOR OWNER

Also noticed the c:\USERS folder and the user names within it are visible. I hid just the user folder, but could still change to c:\users and view its folders.

Am I correct that these seem like to glaring security issues.

I have set myself up in the administrator group and the remote access users with "limited" access in the users group

1) Should I (or is there any reason not to) restrict the Program Files, Program Files (x86), Windows folders to the Administrator group only? or will this (probably) prevent the users from using (running) the programs as well?

2) Should each user be granted specific permission (plus me as the administrator) instead of Group level User permission of their individual c:\users\[username] folder.

3) Can/should the c:\Users\[username] folders be hidden?

Any suggestions are appreciated...

 

[jbowman]

Post Follow-up:

Well, just realized one problem with hiding c:\users or their sub-folders. Seagate dashboard (ver 2.2.29.0) backup utility to 3tb USB doesn't "see" the hidden folders to backup -- that's a problem....

I un-hid the folders and now backup "sees" the folders

Still looking for suggestions...