RE: Computer accounts in NTFS permissions

From: Kirk Brady (Kirk.Brady_at_TeachersHealth.com.au)
Date: 02/23/05

  • Next message: Bruce K. Marshall: "Re: Computer accounts in NTFS permissions"
    Date: Thu, 24 Feb 2005 08:03:24 +1100
    To: <focus-ms@securityfocus.com>
    
    

    if its a domain account accessing network resources, you need to use both share and ntfs permissions.
    if its a local account, you have to make sure that the user is not a member of a group which has more rights than you are trying to "not give them" (deny takes precedence above all other rights, so to use that word is incorrect in this instance) - if they are, they get the rights of the least restrictive group

    hth
    kirk

    -----Original Message-----
    From: Daniel Schmidt [mailto:dschmidt@buddyrents.com]
    Sent: Thursday, 24 February 2005 2:33 AM
    To: focus-ms@securityfocus.com
    Subject: Computer accounts in NTFS permissions

    It is my understanding that computer accounts can be used as security
    principals, but using them in a NTFS ACL seems to have no effect. Does
    computer account authentication only authorize accesses from the SYSTEM
    account? Can anyone point me toward some useful reading on the subject?

    Daniel Schmidt
    Network Technician
    Buddy's Home Furnishings
    813.623.5461 x128
    dschmidt@buddyrents.com

    ---------------------------------------------------------------------------
    ---------------------------------------------------------------------------

    ---------------------------------------------------------------------------
    ---------------------------------------------------------------------------


  • Next message: Bruce K. Marshall: "Re: Computer accounts in NTFS permissions"