Re: Unexpected security restriction for a user in both a user and administrative group.
- From: ScottS <scotts002@xxxxxxxxxxx>
- Date: Fri, 25 Apr 2008 10:44:31 -0700 (PDT)
Here's an example of a result I didn't expect: on the security
properties for a folder, inheritance is turned off and "Users" are
granted all permissions except full control (i.e. except "delete
subfolders", "change permissions", and "take ownership"). They are not
explicity denied any permission. Then by an oversight "Administrators"
are left off of the "permission entries" (i.e. the list of groups with
permissions granted or denied) for the folder. The result is that a
user in both the "Users" and "Administrators" groups is not allowed to
even list the contents of the folder.
When the security properties for the same folder are reversed
("Administrators" are granted full control and "Users" are not listed
in the "permission entries") the same user (a member of both the
"Users" and "Administrators" groups) has full control of the folder.
I would have expected this user to have the permissions of whichever
group was granted permissions to the folder.
I doubt I'll be able to understand all of this through examples. Is
there a document that lays out all of the rules?
--ScottS
.
- Follow-Ups:
- Re: Unexpected security restriction for a user in both a user and administrative group.
- From: Roger Abell [MVP]
- Re: Unexpected security restriction for a user in both a user and administrative group.
- References:
- Prev by Date: Re: Is there malware on my Server?
- Next by Date: Re: Unexpected security restriction for a user in both a user and administrative group.
- Previous by thread: Re: Unexpected security restriction for a user in both a user and administrative group.
- Next by thread: Re: Unexpected security restriction for a user in both a user and administrative group.
- Index(es):
Relevant Pages
|
|
