RE: Computer accounts in NTFS permissions

From: Kirk Brady (Kirk.Brady_at_TeachersHealth.com.au)
Date: 02/23/05

  • Next message: Bruce K. Marshall: "Re: Computer accounts in NTFS permissions"
    Date: Thu, 24 Feb 2005 08:03:24 +1100
    To: <focus-ms@securityfocus.com>
    
    

    if its a domain account accessing network resources, you need to use both share and ntfs permissions.
    if its a local account, you have to make sure that the user is not a member of a group which has more rights than you are trying to "not give them" (deny takes precedence above all other rights, so to use that word is incorrect in this instance) - if they are, they get the rights of the least restrictive group

    hth
    kirk

    -----Original Message-----
    From: Daniel Schmidt [mailto:dschmidt@buddyrents.com]
    Sent: Thursday, 24 February 2005 2:33 AM
    To: focus-ms@securityfocus.com
    Subject: Computer accounts in NTFS permissions

    It is my understanding that computer accounts can be used as security
    principals, but using them in a NTFS ACL seems to have no effect. Does
    computer account authentication only authorize accesses from the SYSTEM
    account? Can anyone point me toward some useful reading on the subject?

    Daniel Schmidt
    Network Technician
    Buddy's Home Furnishings
    813.623.5461 x128
    dschmidt@buddyrents.com

    ---------------------------------------------------------------------------
    ---------------------------------------------------------------------------

    ---------------------------------------------------------------------------
    ---------------------------------------------------------------------------


  • Next message: Bruce K. Marshall: "Re: Computer accounts in NTFS permissions"

    Relevant Pages

    • RE: Computer accounts in NTFS permissions
      ... Computer accounts are great for doing AD GPO's. ... depending on how you need to use them. ... Computer accounts in NTFS permissions ... computer account authentication only authorize accesses from the SYSTEM ...
      (Focus-Microsoft)
    • Re: LDIFDE
      ... for the computer accounts as well as the user accounts. ... Operating System, the Operating System Version and the Operating System ... >> TTS, ... >> HTH, ...
      (microsoft.public.win2000.active_directory)
    • Re: How to properly remove a crashed DC from AD
      ... HTH, ... > if you get DSA object cannot be deleted, ADSI will take care of it for ... >> B. Delete the computer accounts from the ADUC. ...
      (microsoft.public.win2000.active_directory)
    • Re: Adding workstations to domain
      ... DDS W 2k MVP MCSE ... group to add computer accounts to the domain but no other users on the ...
      (microsoft.public.windows.server.active_directory)
    • Re: Permissions to Delegate User For Netdom
      ... I need to know what permission to delegate so a user so this user will be ... able to add/join computer accounts back into the domain that already ...
      (microsoft.public.windows.server.active_directory)