Re: Deny specific user
- From: "Roger Abell [MVP]" <mvpNoSpam@xxxxxxx>
- Date: Sun, 16 Dec 2007 08:59:51 -0700
"zz12" <IDontLikeSpam@xxxxxxxxxxx> wrote in message
news:%23w4WgJRPIHA.1208@xxxxxxxxxxxxxxxxxxxxxxx
If I go ahead and issue a Deny on a specific domain regular user to a oneNo. That is not the case.
of our server's 'c' drive this would basically deny access to this
particular server's entrie 'c' drive.
If C: is where the OS is installed, you will notice that there are
multiple directories under C: that do not inherit their permissions
from the root C:
Further, even if everything on C: did inherit from the root, and so
would inherit this deny you are thinking of adding, it will only
effect a deny as long as nothing later (lower in a directory path)
grants (directly or indirectly) to that user. If there is such a grant
placed closer to or on the object somewhere down under C: then
that user will have access (i.e. the deny is overridden).
Say later on I then uncheck the Deny permission for this user in theory it
would just affect this particular regular user in where if we deleted this
domain user then everything should be back to original and not effect any
other user's permissions on the server's 'c' drive?
Removing an ACE, such as this deny, does remove it, so if you uncheck
the deny in the ACE that names that user and denies to them, then it would
no longer exist as a deny. That ACE affects only the principal that it
names,
which you say would be that user.
"Roger Abell [MVP]" <mvpNoSpam@xxxxxxx> wrote in message
news:ewW9LMKOIHA.1188@xxxxxxxxxxxxxxxxxxxxxxx
The filesystem folder ? or one seen viewing active directory ?
An explicit deny overrules any grant, which is effective for the object
itself.
But such a deny is only potentially effective on any sibling dependent
content if the object is a container like a directory. Where the deny is
only inherited, any grant to the principal that is nearer the object than
the inheritance point of the deny will overrule the deny.
So, there is a simple (for filesystem at least) way to do what you are
after, if anything inheriting permissions from where you place the deny
has nothing but those inherited permissions (or only differences knowing
made).
Roger
"zz12" <IDontLikeSpam@xxxxxxxxxxx> wrote in message
news:O75kcf6NIHA.2140@xxxxxxxxxxxxxxxxxxxxxxx
Hello. Is there a way to deny a specific domain user on folders and
subfolders on a w2k server active directory? Just wondering if it was
possible to leave the Everyone group access to a folder but somehow deny
1 specific user at the same time.
Thanks in advance.
.
- References:
- Deny specific user
- From: zz12
- Re: Deny specific user
- From: Roger Abell [MVP]
- Re: Deny specific user
- From: zz12
- Deny specific user
- Prev by Date: Re: Deny specific user
- Next by Date: www.nikepopularshoes.com cheap wholesalenike shoes air dunks,Nike shox,Nike shocks,Nike shox tl,Nike shox nz,Nike shox r4
- Previous by thread: Re: Deny specific user
- Next by thread: Re: Prevent users from movile folders and files
- Index(es):
Relevant Pages
|
