RE: Computer accounts in NTFS permissions

• Previous message: Gustavo Mateus: "Com+ permissions"
• Maybe in reply to: Daniel Schmidt: "Computer accounts in NTFS permissions"
• Next in thread: Bruce K. Marshall: "Re: Computer accounts in NTFS permissions"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Thu, 24 Feb 2005 08:03:24 +1100
To: <focus-ms@securityfocus.com>

if its a domain account accessing network resources, you need to use both share and ntfs permissions.
if its a local account, you have to make sure that the user is not a member of a group which has more rights than you are trying to "not give them" (deny takes precedence above all other rights, so to use that word is incorrect in this instance) - if they are, they get the rights of the least restrictive group

hth
kirk

-----Original Message-----
From: Daniel Schmidt [mailto:dschmidt@buddyrents.com]
Sent: Thursday, 24 February 2005 2:33 AM
To: focus-ms@securityfocus.com
Subject: Computer accounts in NTFS permissions

It is my understanding that computer accounts can be used as security
principals, but using them in a NTFS ACL seems to have no effect. Does
computer account authentication only authorize accesses from the SYSTEM
account? Can anyone point me toward some useful reading on the subject?

Daniel Schmidt
Network Technician
Buddy's Home Furnishings
813.623.5461 x128
dschmidt@buddyrents.com

---------------------------------------------------------------------------
---------------------------------------------------------------------------

---------------------------------------------------------------------------
---------------------------------------------------------------------------

• Previous message: Gustavo Mateus: "Com+ permissions"
• Maybe in reply to: Daniel Schmidt: "Computer accounts in NTFS permissions"
• Next in thread: Bruce K. Marshall: "Re: Computer accounts in NTFS permissions"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]