Re: Bug in 2008 security?



Here they are:

Anyone in the Termed Staff security group should have read only permissions
to the following location. Folders within this, permissions are granted on
a per user basis. Folders within this location have the same security
listed below except the termed Staff security group is removed.
d:\dfsroots\Termed Staff
Administrators full control
Creator Owner special
Domain Admins full
System full
Termed Staff Read & Execute, list, read

Permissions are the same as above via the dfs.

I think I see what the issue may be. I've found that is
domain\administrators have access then all domain users have full control.
I have no idea why this is as domain users are not in the administrators
group.




"neo" <neo@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:%23jFn7tHXKHA.1236@xxxxxxxxxxxxxxxxxxxxxxx
Please post/review the share and ntfs permission on both dfs path and the
location it points to. One of them has something you don't expect.

"JackH" <grandam010nospam@xxxxxxxxx> wrote in message
news:eXyMzIBXKHA.4688@xxxxxxxxxxxxxxxxxxxxxxx
That's what I was referring to was the NTFS permissions.


"neo" <neo@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:%235ltt$AXKHA.3720@xxxxxxxxxxxxxxxxxxxxxxx
Not knowing exactly what you need from this share, my gut says....

On share permissions tab, no. On NTFS permissions tab, yes.

"JackH" <grandam010nospam@xxxxxxxxx> wrote in message
news:OwiNNw9WKHA.3876@xxxxxxxxxxxxxxxxxxxxxxx
I believe because it is a DFS share? Is this not needed?


"neo" <neo@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:eT2Yvi7WKHA.1236@xxxxxxxxxxxxxxxxxxxxxxx
First question I would ask is why is your site going with "SYSTEM" on
the share permissions tab?

"JackH" <grandam010nospam@xxxxxxxxx> wrote in message
news:ucBYzL1WKHA.1232@xxxxxxxxxxxxxxxxxxxxxxx
I have several shares with permissions of Domain admins full control
and System special.

When staff try to access these folders they receive and access
denied. Which is great. However, I've found that these staff can
right click->properties->security tab and add them selves with full
control. How is this possible?










.



Relevant Pages

  • Re: NTFS Security Question.
    ... A subordinate object DOES not inherit the PARENT perms (in ... will assume "Nebulous" permissions that refer to the LINK ... The trick is to PROPOGATE to all FILES (not Folders and Files - that would ... Since Windows 2000 deny NTFS permission does not work ...
    (microsoft.public.windowsxp.security_admin)
  • RE: ISA 2004 REPORT FAILURE
    ... Did as you suggested and turned auditing on for the system and folders ... that is setting the wrong permissions of the folders ... Microsoft CSS Online Newsgroup Support ... This newsgroup only focuses on SBS technical issues. ...
    (microsoft.public.windows.server.sbs)
  • RE: ISA 2004 REPORT FAILURE
    ... the ISA Reports still fail because ... I can change the permissions manually ... on the ISALogs and ISASummaries folders ... Microsoft CSS Online Newsgroup Support ...
    (microsoft.public.windows.server.sbs)
  • Re: Personal Media Drive
    ... > much more knowledgeable about Windows than I am. ... You restrict access by assigning permissions to drives, folders and files. ...
    (microsoft.public.windows.mediacenter)
  • Re: Administrator/User security issues
    ... i have setup all the accounts, ... folders for testing the security. ... permissions but the admin. ...
    (microsoft.public.windowsxp.security_admin)