Re: NTFS permissions

From: Daniel Angelucci (angelucc@nospam.duke.edu)
Date: 10/31/02 

Date: Thu, 31 Oct 2002 13:25:31 -0500
From: Daniel Angelucci <angelucc@nospam.duke.edu>

Sounds like it is inheriting the permissions from the parent folder.
Uncheck the box in the security properties for Allow inheritable
permissions... (blah blah blah). You should be prompted to either copy
or remove the current ACL. Just remove it, then add your desired ACL.

Dan

Brian wrote:
>>-----Original Message-----
>>If you have no permissions set other than the allowed
>
> group on a folder
>
>>or share, it should restrict the groups appropriately.
>>
>>In other words, don't deny the users access, just don't
>
> include them in
>
>>the ACL at all.
>>
>>Dan
>>
>>Brian wrote:
>>
>>>I would like to set up an application folder that
>>
> denies
>
>>>access to all users by default, and grants access only
>>
> to
>
>>>a special group. (Kinda like a firewall)
>>>
>>>I tried denying to the Users group, and found that I
>>>effectivly remove permissions for everyone, even Admin.
>>>
>>>I found I can set up a Deny group, but that is not the
>>>security model I am looking for. The app is a secure
>>
> app
>
>>>and really only should grant access to seleced
>>>users/groups and deny access to all others.
>>>
>>>Any ideas?
>>>
>>>-Thanx
>>>Brian
>>
>>
>>.
>>
>
>
> Problem is that I cannot change the RWX permissions for
> the Users group, they are granted and greyed out, and
> denying had unintended side effects. I would like to
> remove these permissions.
>
> Note: I tried to modify who was in the Users group with
> other side effects. There is a built in Interactive that
> has been causing some confusion, and others. I would like
> to know who/what built ins need to be where
> (Administrators, Special Access, Users) to make this
> happen.
>
> Thanx
> -Brian
>

Relevant Pages

  • Re: Default NTFS permissions too liberal on newly created volumes
    ... A rule of thumb that I use is when making a new folder off the root of the drive, to be used as a share, I remove the inheritance ... > read-only permissions via a certain group. ... > I looked at the other servers that we've built and all have the same all-too-liberal permission settings for the USERS group. ...
    (microsoft.public.windows.server.security)
  • Re: Folder/Share security question
    ... Ok, permissions were set exactly as you listed below, but still weren't ... Then I noticed the local Users group had special ... turn had Create Folder & Create File permissions set. ... Read & Execute, List Folder Contents, Read ...
    (microsoft.public.windows.server.security)
  • Re: Setting folder permissions
    ... I have made the parent folder Users group have Full Control permissions on ... These permissions are being copied into the newly created folder, ... I changed it to my admin account and got everything working. ...
    (microsoft.public.dotnet.languages.csharp)
  • Re: Folder/Share security question
    ...  Then I noticed the local Users group had special ... turn had Create Folder & Create File permissions set. ... Read & Execute, List Folder Contents, Read ...
    (microsoft.public.windows.server.security)
  • REPOST: Re: Access denied for Administrator on folder
    ... > understand part on setting permissions on share. ... > I wanted to deny access to Users group to that folder so ... > Administrator who have created that folder dont have access to it. ... > Is there any connection between Users group and Administrator accaunt? ...
    (microsoft.public.windows.server.security)