Re: windows user permissions

From: "Anthony" <anthony.spam@xxxxxxxxxxxxxx>
Date: Wed, 4 Apr 2007 14:28:16 +0100

The domain admins group has a unique SID belonging to that specific domain,
so if the domain goes then that SID is meaningless and you won't have normal
access. However as a local administrator of the machine you will have the
right to take ownership of the folder and reset the permissions. This right
is contained in the default local security policy setting for User Rights
Assignment.
As a result it is futile to try to remove local admins from the permissions.
If they should not be able to get to the content then it needs to be on a
different server, or on a DC. The only thing it can achieve it:
- prevent casual browsing
- log to the Security Event Log if someone changes it and you have auditing
enabled (but if they log on as Administrator it does not tell you much)
Anthony
www.airdesk.co.uk

"Richard" <richardbee@xxxxxxxxxxx> wrote in message
news:%23laM1CmdHHA.2316@xxxxxxxxxxxxxxxxxxxxxxx

Hi

If I set certain folders/files permission to domain administrators only,
and
if the server gets damage and I have to reinstall a new server/domain
controller and reset users. Will I be able to read the folders and files
again.

Many thanks in advance
Richard

References:
- windows user permissions
  - From: Richard

Prev by Date: Web-chat (04/11/2007): EAPHost and EAP-Methods in Windows Vista and Longhorn
Next by Date: Re: Simple question regarding Windows 2003 Firewall
Previous by thread: windows user permissions
Next by thread: Web-chat (04/11/2007): EAPHost and EAP-Methods in Windows Vista and Longhorn
Index(es):
- Date
- Thread

Relevant Pages

Re: Permissions
... Exchange 2000 so am totally unfamiliar with the "M:\" drive, ... Susan Conkey [MVP] ... permissions and everywhere I came across the "Send as" ... ... if we make the users members of Domain Admins group. ...
(microsoft.public.exchange2000.admin)
Re: Change access permissions for \myserverackup for webpart access
... users as email recipients of a copy of the daily performance report? ... > previous nights backup. ... > have to be in the Domain Admins group to view the page. ... > I have not been able to figure out where to change the permissions. ...
(microsoft.public.windows.server.sbs)
ADMT - 2000 to 2003
... server to a dc. ... I am also unable to add the domain admins group from the newdomain into the ... connect to shares on other servers in the old domain. ...
(microsoft.public.win2000.active_directory)
Error in Domain User Privileges Mapping
... network after joining the domain doesn't correctly map user ... I've checked to make sure the domain admins group is a part ... of the local administrators group and has appropriate file permissions ... I did this before joining the domain. ...
(microsoft.public.windows.server.general)
Re: Permissions
... I gave a specific user full permissions for the whole of Exchange ... if we make the users members of Domain Admins group. ... normally belong to a group we've called "Email Team". ...
(microsoft.public.exchange2000.admin)