Re: revoke change permissions?

From: David Taylor (mcp916removethis806_at_removethistoo@hotmail.com)
Date: 03/10/04 

Date: Wed, 10 Mar 2004 14:20:33 -0600

:) a much loved change...but it seems they also changed OWNER CREATOR.... at
one time I could DENY..and it meant DENY.

Of course, if it did work...her'd be the problem:

1. admin denys Owner Creator Change Permissions.
2. User created data
3. User needs admin help with permissions.
4. Admin takes control to modify permission.
5. Admin takes a few hours to discover he is now owner...and subject to the
Owner Creator Deny.

"Derek Melber [MVP]" <derekm@braincore.net> wrote in message
news:eo7OtltBEHA.2600@TK2MSFTNGP09.phx.gbl...
> Yeah, that is a one time shot, that you would need to do often.
>
> I don't know of any change surrounding this... only that you can now in
2003
> force ownership on someone, where in 2k you had to "take it".
>
> --
> Derek Melber
> University of Phoenix Online
> Faculty Candidate
> dmelber@email.uophx.edu
> "David Taylor" <mcp916removethis806@removethistoo@hotmail.com> wrote in
> message news:%23laHGbtBEHA.688@tk2msftngp13.phx.gbl...
> > That box seems to only change the ownership as a one time deal. As far
as
> I
> > can tell, new files do not enherit ownership from thier parent folders.
> >
> > Is there a list of the file system/permission changes MS has made in the
> > transition from 2k to 2003? I think they must have changed this
> > functionality because people were locking themselves out too much.
> >
> > "Derek Melber [MVP]" <derekm@braincore.net> wrote in message
> > news:ulbnFYtBEHA.3400@tk2msftngp13.phx.gbl...
> > > Not that I am aware of. However, there is a checkbox that can change
> > > ownership of all folders and files to a certain user in the Owner tab
of
> > the
> > > Security properties. Maybe this can help you with your issue?
> > >
> > > --
> > > Derek Melber
> > > University of Phoenix Online
> > > Faculty Candidate
> > > dmelber@email.uophx.edu
> > > "David Taylor" <mcp916removethis806@removethistoo@hotmail.com> wrote
in
> > > message news:uhQTi8sBEHA.2380@TK2MSFTNGP10.phx.gbl...
> > > > Is there a way that I can cause ownership of files/folders to be
> > assigned
> > > to
> > > > the Administrator Group instead of the user -- when it is the users
> who
> > > will
> > > > create the files???
> > > >
> > > > "Derek Melber [MVP]" <derekm@braincore.net> wrote in message
> > > > news:uJoGNtsBEHA.4080@TK2MSFTNGP09.phx.gbl...
> > > > > David,
> > > > >
> > > > > You can't use the Effective Permissions as the end all of the
> > > > configuration.
> > > > > It is wrong in many cases, especially when you start to use
complex
> > > group
> > > > > structures.
> > > > >
> > > > > It sounds like you are correct in setting up Deny to Change
> > Permissions
> > > to
> > > > > the group that should never have this ability. The only catch is
to
> > make
> > > > > sure they don't have Ownership of the folder/file, since ownership
> > gives
> > > > > them the ability to do anything to the file.
> > > > > Hopes this helps.
> > > > >
> > > > > --
> > > > > Derek Melber
> > > > > University of Phoenix Online
> > > > > Faculty Candidate
> > > > > dmelber@email.uophx.edu
> > > > > "David Taylor 806@ hotmail.com>" <mcp916<removethisremovethistoo>
> > wrote
> > > in
> > > > > message news:%23DPpzZsBEHA.3256@TK2MSFTNGP09.phx.gbl...
> > > > > > I have a shared folder on a Windows 2003 server, and a Domain
> Local
> > > > group
> > > > > to
> > > > > > which I will add groups of users.
> > > > > >
> > > > > > The domain local group has been given full control minus Change
> > > > > > Atributes/Extended Attributes, take ownership, and Change
> > Permissions.
> > > > In
> > > > > > addition, the Domain Local group has been assigned the Owner
role.
> > > > > >
> > > > > > We do not want users playing with atributes or security
settings.
> > The
> > > > > > folder will hold files and folders created by and to be modified
> and
> > > > > deleted
> > > > > > by all members & group members of the new Domain Local group.
> > > > > >
> > > > > > When I view the Effective Permissions for the group, Change
> > Permission
> > > > is
> > > > > > present. I even tried denying it, removing the Creator/Owner,
> > denying
> > > > to
> > > > > > creator owner and the group.
> > > > > >
> > > > > > Is there a proper way to make it so the users can access the
files
> > but
> > > > not
> > > > > > modify permissions?
> > > > > >
> > > > > > Thanks,
> > > > > >
> > > > > > David Taylor
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>

Relevant Pages

  • Re: system.mdw
    ... Id, give admin all the rights, and he would be able to do about anything EVEN ... thanks again....very helpful just to know that the owner was stored ... user, modified the user group permissions, etc. ... open my project, if the default mdw file is the "system.mdw", then ...
    (microsoft.public.access.security)
  • Re: Moving DCs From Default OU ?
    ... if I'm an admin (domain admins, administrators, enterprise admin, ... etc) you can deny whatever you want to. ... although I don't have permissions I can change them back so I do ...
    (microsoft.public.windows.server.active_directory)
  • Re: system.mdw
    ... My login is listed as the "owner" and I've gimped the admin ... user, modified the user group permissions, etc. ... The owner information is stored in the mdb. ...
    (microsoft.public.access.security)
  • RE: Access 97 Security issue Cant make a MDE
    ... "If the database is secured using user-level security, ... logged in as the owner of the database, or at least a member of the Admins ... > the dayabase as a user AND can sign in simply as admin, ... > that the user account has Modify Design or Administer permissions for the ...
    (microsoft.public.access.security)
  • Re: Remove MMC
    ... two columns, to grant permissions, to deny permissions ... >>in with that admin account (even if you were already ...
    (microsoft.public.windowsxp.security_admin)