Re: Win 2003 - Share can be read with no NTFS permission?
From: Pat (nobody_at_nobody.com)
Date: 11/01/04
- Next message: Bob: "Re: Failure Audit"
- Previous message: mm: "password expiration"
- Next in thread: Steven L Umbach: "Re: Win 2003 - Share can be read with no NTFS permission?"
- Reply: Steven L Umbach: "Re: Win 2003 - Share can be read with no NTFS permission?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 01 Nov 2004 11:24:14 -0500
It was picking up Full control permissions from creator owner. if a
user belongs to two groups,it is going to have least restrictive
permissons from both groups?
On Fri, 29 Oct 2004 02:22:19 GMT, "Steven L Umbach"
<n9rou@n0-spam-for-me-comcast.net> wrote:
>Apparently the test user has full control permissions in the parent folder?
>If you create a folder and do not want to use inherited permissions go into
>the advanced page for security and uncheck inherit permissions form the
>parent folder at which time you will be prompted to either remove or copy
>existing permissions. When checking permissions on the parent folder also
>check advanced permissions to see if the user has permissions there also
>which may not be apparent from the main security page.. --- Steve
>
>
>"Pat" <nobody@nobody.com> wrote in message
>news:95m1o05hfi9v4l2h4ft2p7vlh0le0gj17v@4ax.com...
>> The share is on my DC, my test user had local Admin rights on the WS.
>> I removed the test user from the local Admin group and logged off and
>> on. I can create a folder on the share. It gives the user group R and
>> the test user Full control inherited from the parent folder. On the
>> share on the DC, I have Share permissions= Full control and R for the
>> test group. How is the test user inheriting full permissions?
>>
>> On Wed, 27 Oct 2004 18:55:51 GMT, "Steven L Umbach"
>> <n9rou@n0-spam-for-me-comcast.net> wrote:
>>
>>>I think your problem may be that the user you are testing with is a local
>>>administrator on the computer where the share exists. The administrators
>>>group may have full control permissions to the folder. Try removing your
>>>test user from the local administrators group and try again after logging
>>>off and logging back on. If the creator/owner is present, the user that
>>>creates the file will receive those permissions which usually are full
>>>control.
>>>
>>>To create a share where you want users to only read files give the users
>>>group only read permissions to the share and read/list for ntfs folder
>>>permissions and make sure the users are not members of another group that
>>>has more than read permissions to the share/folder. --- Steve
>>>
>>>
>>>"Pat" <nobody@nobody.com> wrote in message
>>>news:qjgvn0pq346u0i8qem51j089k5iopghplk@4ax.com...
>>>> If I setup a sharecalled share2 with full share permissions and add a
>>>> group called testgroup and put a user called test in that group and
>>>> give the group R permissions on the folder. I then logon at a WS with
>>>> the user Test who is a domain user default rights on the domain and
>>>> administrative rights on the WS, I have Read rights on any
>>>> folders\files that were created by the admin on the server in share2.
>>>> I cannot delete these. I can create a file and in the NTFS permissions
>>>> I have Read rights on the testgroup group and it also puts in the test
>>>> user with full rights. where do the full rights come from. If I just
>>>> want a share that users can only read, not write or modify how can I
>>>> do that?
>>>> On Wed, 27 Oct 2004 10:05:31 -0400, Pat <nobody@nobody.com> wrote:
>>>>
>>>>>I have setup a similar setup, with a new share with default
>>>>>permissions in W3K (read). Add a test user with R X L R ntfs
>>>>>permissions. I logon with a workstation on that domain as test user
>>>>>and try to create a folder and file in the share with no success. If I
>>>>>add change to the share permissions I can create a folder and file in
>>>>>the share. I thought the least restrictive permissions were applied
>>>>>between shares and NTFS?
>>>>>On Wed, 27 Oct 2004 03:37:51 GMT, "Steven L Umbach"
>>>>><n9rou@n0-spam-for-me-comcast.net> wrote:
>>>>>
>>>>>>You show that users have read/list permissions to that folder. Since
>>>>>>you
>>>>>>are
>>>>>>in a domain, that is enough to allow another domain user to access the
>>>>>>folder from another domain computer. --- Steve
>>>>>>
>>>>>>"Patrick Saunders" <psaunder@comcen.com.au> wrote in message
>>>>>>news:7bfe00fe.0410261755.11d2fffa@posting.google.com...
>>>>>>> Hi,
>>>>>>> I apoligise in advance if this is the wrong newsgroup - I could not
>>>>>>> find one for win2003.
>>>>>>>
>>>>>>> Scenario:
>>>>>>>
>>>>>>> I have small test domain with couple of machines.
>>>>>>>
>>>>>>> 1. On a member win2003 server machine '2K3Client' I created folder
>>>>>>> "c:\ShareA"
>>>>>>> 2. I shared folder "ShareA", with default permissions.
>>>>>>>
>>>>>>> This shows permissions as such:
>>>>>>>
>>>>>>> Share permissions
>>>>>>> =================
>>>>>>> Everyone - Read
>>>>>>>
>>>>>>>
>>>>>>> NTFS Security permissions
>>>>>>> ==========================
>>>>>>> Administrators(2K3Client\Administrators) - Full
>>>>>>> SYSTEM - Full
>>>>>>> Users (2K3Client\Users) - Read,List, Special.
>>>>>>>
>>>>>>>
>>>>>>> Question:
>>>>>>> ------------
>>>>>>> I log into another machine as a test user, with no special
>>>>>>> privelleges.
>>>>>>> I can navigate to the share "ShareA" on Machine "2k3Client" AND I can
>>>>>>> view
>>>>>>> the contents of that folder.
>>>>>>>
>>>>>>> I do not understand why I can see contents of folder if there are no
>>>>>>> NTFS permissions to allow this? Can someone please explain?
>>>>>>>
>>>>>>> Many thanks in advance,
>>>>>>>
>>>>>>> Patrick.
>>>>>>
>>>>
>>>
>>
>
- Next message: Bob: "Re: Failure Audit"
- Previous message: mm: "password expiration"
- Next in thread: Steven L Umbach: "Re: Win 2003 - Share can be read with no NTFS permission?"
- Reply: Steven L Umbach: "Re: Win 2003 - Share can be read with no NTFS permission?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
