RE: Permissions Questions

From: Shawn Farkas [MS] (shawnfa_at_online.microsoft.com)
Date: 01/26/05

  • Next message: Valery Pryamikov: "Re: How is .net generating extra bits in MD5?" 
    Date: Wed, 26 Jan 2005 22:21:28 GMT

    Glad to help :-)

    -Shawn
    http://blogs.msdn.com/shawnfa
    --
    This posting is provided "AS IS" with no warranties, and confers no rights.
     

    Note:
    For the benefit of the community-at-large, all responses to this message
    are best directed to the newsgroup/thread from which they originated.
    --------------------
    > Thread-Topic: Permissions Questions
    > thread-index: AcUD0h5YYLuSWWRGRuyaLy+ggqEJYw==
    > X-WBNR-Posting-Host: 208.248.162.220
    > From: =?Utf-8?B?c2F2YW50ZWQxQGhvdG1haWwuY29t?=
    <savanted1hotmailcom@discussions.microsoft.com>
    > References: <63641FB6-D17A-47DC-92BA-7ED717267EDE@microsoft.com>
    <vkPIv1yAFHA.2944@cpmsftngxa10.phx.gbl>
    > Subject: RE: Permissions Questions
    > Date: Wed, 26 Jan 2005 10:09:03 -0800
    > Lines: 65
    > Message-ID: <FD8942EA-902B-48BF-8460-103058A8284F@microsoft.com>
    > MIME-Version: 1.0
    > Content-Type: text/plain;
    > charset="Utf-8"
    > Content-Transfer-Encoding: 7bit
    > X-Newsreader: Microsoft CDO for Windows 2000
    > Content-Class: urn:content-classes:message
    > Importance: normal
    > Priority: normal
    > X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
    > Newsgroups: microsoft.public.dotnet.security
    > NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.1.29
    > Path: cpmsftngxa10.phx.gbl!TK2MSFTNGXA03.phx.gbl
    > Xref: cpmsftngxa10.phx.gbl microsoft.public.dotnet.security:8857
    > X-Tomcat-NG: microsoft.public.dotnet.security
    >
    > Dear, Mr. Farkas
    > I want to thank you personally for enlightening me on the subject
    > matter of CAS. I f I have anymore questions on this matter I will not
    > hesitate to post it here within the group.
    >
    > Regards,
    >
    > ""Shawn Farkas [MS]"" wrote:
    >
    > > The CAS security model does not fit in anywhere on the OSI stack. The
    DNS
    > > permission you're referring to actually only determines if an
    application
    > > is allowed to resolve DNS addresses, it doesn't have anything to do
    with
    > > the actual DNS resolution itself. CAS permissions actually sit on top
    of
    > > NT permissions as well.
    > > (http://blogs.msdn.com/shawnfa/archive/2004/12/15/315992.aspx for more
    > > information on that). In fact, an application that runs in the CLR and
    > > uses the CAS system may never access the network at all!
    > >
    > > -Shawn
    > > http://blogs.msdn.com/shawnfa
    > > --
    > > This posting is provided "AS IS" with no warranties, and confers no
    rights.
    > >
    > >
    > > Note:
    > > For the benefit of the community-at-large, all responses to this
    message
    > > are best directed to the newsgroup/thread from which they originated.
    > > --------------------
    > > > Thread-Topic: Permissions Questions
    > > > thread-index: AcUDDAb3Lu8C7z6lQoCkQa5qaeNVPw==
    > > > X-WBNR-Posting-Host: 208.248.162.220
    > > > From: =?Utf-8?B?c2F2YW50ZWQxQGhvdG1haWwuY29t?=
    > > <savanted1hotmailcom@discussions.microsoft.com>
    > > > Subject: Permissions Questions
    > > > Date: Tue, 25 Jan 2005 10:31:04 -0800
    > > > Lines: 8
    > > > Message-ID: <63641FB6-D17A-47DC-92BA-7ED717267EDE@microsoft.com>
    > > > MIME-Version: 1.0
    > > > Content-Type: text/plain;
    > > > charset="Utf-8"
    > > > Content-Transfer-Encoding: 7bit
    > > > X-Newsreader: Microsoft CDO for Windows 2000
    > > > Content-Class: urn:content-classes:message
    > > > Importance: normal
    > > > Priority: normal
    > > > X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
    > > > Newsgroups: microsoft.public.dotnet.security
    > > > NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.1.29
    > > > Path: cpmsftngxa10.phx.gbl!TK2MSFTNGXA03.phx.gbl
    > > > Xref: cpmsftngxa10.phx.gbl microsoft.public.dotnet.security:8840
    > > > X-Tomcat-NG: microsoft.public.dotnet.security
    > > >
    > > > Dear, Microsoft Corporation
    > > >
    > > > Would the Permissions architecture be considered to operate at the
    > > Session
    > > > Layer of the OSI model? The reason I state this is due in part to the
    > > fact
    > > > that it has DNS incorporated within its confines.
    > > >
    > > > Regards,
    > > >
    > > >
    > >
    > >
    >

  • Next message: Valery Pryamikov: "Re: How is .net generating extra bits in MD5?"

    Relevant Pages

    • Re: Prevent changes to Administrator password
      ... What I am trying to do is give Taz1972 some options to minimize the risk or make it harder for a lower-level DA to reset the password for the EA account. ... Restricted Admins group to mitigate against what you propose Deji. ... also need to make sure the DAs in question cannot elevate their rights to EA, ... > By adding the Deny Write Permissions ACE, ...
      (microsoft.public.windows.server.active_directory)
    • Re: Prevent changes to Administrator password
      ... What I am trying to do is give Taz1972 some options to minimize the risk or make it harder for a lower-level DA to reset the password for the EA account. ... * This posting is provided "AS IS" with no warranties and confers no rights! ... > By adding the Deny Write Permissions ACE, ... > permission to modify the ACL on AdminSDHolder. ...
      (microsoft.public.windows.server.active_directory)
    • Re: Why is Fedora not a Free GNU/Linux distributions?
      ... Taking away legitimate rights, yes, that would be immoral. ... specifically to be incompatible with the GPL, ... Software license) doesn't take away any right you had. ... There are other permissions that enable you to copy and distribute the ...
      (Fedora)
    • Re: Prevent changes to Administrator password
      ... Have you thought about delegating the exact permissions needed instead of using DA or restructing your forest? ... * This posting is provided "AS IS" with no warranties and confers no rights! ... > Restricted Admins group to mitigate against what you propose Deji. ...
      (microsoft.public.windows.server.active_directory)
    • Re: Prevent changes to Administrator password
      ... * This posting is provided "AS IS" with no warranties and confers no rights! ... his/her account from the Restricted Admin group and clears the flag? ... > By adding the Deny Write Permissions ACE, ... > permission to modify the ACL on AdminSDHolder. ...
      (microsoft.public.windows.server.active_directory)