Re: By-pass traverse checking is not working

From: Rob (robjohn_at_hmmausa.com)
Date: 01/29/04


Date: Thu, 29 Jan 2004 15:58:34 -0600

I did see it set under effective settings. But for some reason, going from
folder a and drilling down through folders b, c, d, access is blocked to d even
though explicit permissions are present. This server is a DC with all
patches. I am really at a loss, I have ensured that the domain security
policy and local security policy have by-pass enabled, and each folder in the
hierarchy has by-pass checked for Authenticated Users.

Below is a DumpSec report for the hierarchy I am testing by-pass against,
with the Helpdesk forms folder being the folder I am trying to by-traverse
to.

C:\HMMA\HR-Admin\IT\ Authenticated Users ax00100020

C:\HMMA\HR-Admin\IT\ HMMA\Domain Admins all all

C:\HMMA\HR-Admin\IT\ HMMA\Administrator all all

C:\HMMA\HR-Admin\IT\ HMMA\HMMA IT Dept RWXD RWXD

C:\HMMA\HR-Admin\IT\Drawings\ Authenticated Users ax00100020

C:\HMMA\HR-Admin\IT\Drawings\ HMMA\Domain Admins all all

C:\HMMA\HR-Admin\IT\Drawings\ HMMA\Administrator all all

C:\HMMA\HR-Admin\IT\Drawings\ HMMA\HMMA IT Dept RWXD RWXD

C:\HMMA\HR-Admin\IT\ERP\ Authenticated Users ax00100020

C:\HMMA\HR-Admin\IT\ERP\ HMMA\Domain Admins all all

C:\HMMA\HR-Admin\IT\ERP\ HMMA\Administrator all all

C:\HMMA\HR-Admin\IT\ERP\ HMMA\HMMA IT Dept RWXD RWXD

C:\HMMA\HR-Admin\IT\Event Log\ Authenticated Users ax00100020

C:\HMMA\HR-Admin\IT\Event Log\ HMMA\Domain Admins all all

C:\HMMA\HR-Admin\IT\Event Log\ HMMA\Administrator all all

C:\HMMA\HR-Admin\IT\Event Log\ HMMA\HMMA IT Dept RWXD RWXD

C:\HMMA\HR-Admin\IT\Forms\ Authenticated Users ax00100020

C:\HMMA\HR-Admin\IT\Forms\ HMMA\Domain Admins all all

C:\HMMA\HR-Admin\IT\Forms\ HMMA\Administrator all all

C:\HMMA\HR-Admin\IT\Forms\ HMMA\HMMA IT Dept RWXD RWXD

C:\HMMA\HR-Admin\IT\Forms\Help Desk Forms\ Authenticated Users R X R X

C:\HMMA\HR-Admin\IT\Forms\Help Desk Forms\ Authenticated Users ax00100020

C:\HMMA\HR-Admin\IT\Forms\Help Desk Forms\ HMMA\Domain Admins all all

C:\HMMA\HR-Admin\IT\Forms\Help Desk Forms\ HMMA\Administrator all all

C:\HMMA\HR-Admin\IT\Forms\Help Desk Forms\ HMMA\HMMA IT Dept RWXD RWXD

Any thoughts would be appreciated.

Rob

"Richard McCall [MSFT]" <richmcc@online.microsoft.com> wrote in message
news:uKHYQbq5DHA.2300@TK2MSFTNGP10.phx.gbl...
> Bypass traverse checking is enabled by default on DC as Authenticated Users,
> Everyone, Administrators and Pre Windows 2000 Compatible access
>
> --
> Richard McCall [MSFT]
>
> "This posting is provided "AS IS" with no warranties, and confers no
> rights."
> "Rob" <robjohn@hmmausa.com> wrote in message
> news:epfrfAq5DHA.1948@TK2MSFTNGP12.phx.gbl...
> > If I recall correctly by-pass traverse checking was on by default with NT.
> > I have discovered that it is not on by default for W2K, bummer. I have a
> > hierarchy of folders for each of my departments that have been locked down
> > to just members of each department. Now I have the need to allow access
> > between departments. After turning by-pass traverse checking on and setting
> > it also for each folder, my users are unable to traverse folders they don't
> > have permissions to. The only way I could get the traversal to work was by
> > enabling List/Read also. The problem with this is it allows the users to
> > see the contents of folders they have no permission for.
> >
> > How can I get the traversal functioning as it did with NT?
> >
> > Rob
> >
> >
>
>
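
An added example, not part of the original thread and not DumpSec's own code: a small parser that pulls the numeric ACEs out of report lines like the ones above and names the directory rights they contain. It assumes the `ax00100020` token is the hexadecimal access mask 0x00100020; the function names and the three sample lines (copied from the report in the post) are this example's own.

```python
import re

# Directory access-right bits as defined in the Windows SDK (winnt.h).
DIR_RIGHTS = {
    0x00000001: "FILE_LIST_DIRECTORY", 0x00000002: "FILE_ADD_FILE",
    0x00000004: "FILE_ADD_SUBDIRECTORY", 0x00000008: "FILE_READ_EA",
    0x00000010: "FILE_WRITE_EA", 0x00000020: "FILE_TRAVERSE",
    0x00000040: "FILE_DELETE_CHILD", 0x00000080: "FILE_READ_ATTRIBUTES",
    0x00000100: "FILE_WRITE_ATTRIBUTES", 0x00010000: "DELETE",
    0x00020000: "READ_CONTROL", 0x00040000: "WRITE_DAC",
    0x00080000: "WRITE_OWNER", 0x00100000: "SYNCHRONIZE",
}

# Sample input: three lines taken from the report quoted in the post.
SAMPLE = r"""
C:\HMMA\HR-Admin\IT\ Authenticated Users ax00100020
C:\HMMA\HR-Admin\IT\ HMMA\HMMA IT Dept RWXD RWXD
C:\HMMA\HR-Admin\IT\Forms\Help Desk Forms\ Authenticated Users ax00100020
"""

# A folder path ends at the last backslash that is followed by a space.
LINE = re.compile(r"^(?P<path>[A-Za-z]:\\.*\\) (?P<rest>.+)$")
# Assumption: a trailing "ax"/"0x" plus 8 hex digits is a raw access mask.
MASK = re.compile(r"^(?P<account>.+) [a0]x(?P<mask>[0-9A-Fa-f]{8})$")

def decode_mask(mask):
    """Return the names of the rights set in a directory access mask."""
    names = [name for bit, name in sorted(DIR_RIGHTS.items()) if mask & bit]
    unknown = mask & ~sum(DIR_RIGHTS)
    if unknown:
        names.append(f"UNKNOWN_0x{unknown:08X}")
    return names

def numeric_aces(report):
    """Yield (path, account, [rights]) for every ACE shown as a hex mask."""
    found = []
    for raw in report.splitlines():
        line = LINE.match(raw.strip())
        ace = MASK.match(line.group("rest")) if line else None
        if ace:  # lines with symbolic rights (RWXD, all) are skipped
            rights = decode_mask(int(ace.group("mask"), 16))
            found.append((line.group("path"), ace.group("account"), rights))
    return found

if __name__ == "__main__":
    for path, account, rights in numeric_aces(SAMPLE):
        print(f"{path}  {account}: {' | '.join(rights)}")
```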


