Re: What right allows full access?

From: "Roger Abell [MVP]" <mvpNOSPAM@asu.edu>
Date: Sun, 18 Aug 2002 07:13:45 -0700


"Dmitriy Kopnichev" <kopn@hotbox.ru> wrote in message
news:ugTLjRpRCHA.1652@tkmsftngp09...
> I don't want to run Windows XP as an Administrator because of Viruses and
> Trojan horses, but want to have access to all files and folders.

So log in as an administrator, and then grant permission to
the Users group on those areas where your non-admin account
does not have access. Log off from the admin account until
you next need it for something. This did not involve taking
ownership. There are a couple areas where even Administrators
do not have access granted to them, and for these areas only
taking ownership as an admin _might_ be needed. But to have
access as any account outside Administrators usually a grant
of Change to Users is sufficient.

And yes, while logged in as admin to modify permissions,
install that anti-virus software and set it to periodically get
signature file updates.

--
Roger Abell
MS MVP (Windows Platform), MCSE, MCDBA
Associate Expert - Windows XP ExpertZone
http://www.microsoft.com/windowsxp/expertzone
> "Roger Abell [MVP]" <mvpNOSPAM@asu.edu> wrote in message
> news:eH5AXPmRCHA.3664@tkmsftngp11...
> > "Dmitriy Kopnichev" <kopn@hotbox.ru> wrote in message
> > news:#Jx9H0jRCHA.2456@tkmsftngp09...
> > > Should I grant the permission for a group to take ownership per disk?
> >
> > You can, if that is what you wish.  But why is it so
> > important for them to be able to take ownership?
> >
> > Also, say you go to the root of C: and drill into the
> > Security tab, advanced view, highlight Everyone
> > where this group has a grant of Read/Execute, Edit
> > and scroll down and check to grant the permission
> > to take ownership, apply, ok, etc.
> > Afterwards, any account can take ownership of C:
> > and of file/folders contained in C: except where
> > inheritance of permissions from the C: root has
> > been blocked and a new permissions inheritance
> > point established (such as is the case for most dirs
> > within a C: that is the install drive).
> > Suppose someone now takes ownership of C:.
> > They can now change the permissions at C: to
> > grant their account and the SYSTEM account
> > Full Control, and also say to reset all permissions
> > from there on down, leaving no other account with
> > any permissions to anything.  If there were no places
> > where inheritance was blocked, it would be done.
> > All of C: would be theirs and theirs alone.  Now,
> > in fact inheritance is blocked at many points in the
> > install drive, so they will only get exclusive access
> > to some of C: and error out when it tries to remove
> > the inheritance blocks since they do not have the
> > permissions to do that (unless you had gone out of
> > your way to make it so that they did have the permission
> > to take ownership everywhere).  Anyway, you would
> > end up with a junk system if they did this.
> > But - that is how to do it.
> >
> > --
> > Roger Abell
> > MS MVP (Windows Platform), MCSE, MCDBA
> > Associate Expert - Windows XP ExpertZone
> > http://www.microsoft.com/windowsxp/expertzone
> >
> >
> > > "Roger Abell [MVP]" <mvpNOSPAM@asu.edu> wrote in message
> > > news:euFRBjhRCHA.3648@tkmsftngp11...
> > > > "Dmitriy Kopnichev" <kopn@hotbox.ru> wrote in message
> > > > news:u8R78egRCHA.4088@tkmsftngp09...
> > > > > How to grant the right to Take Ownership of any resource to a group
> > > > > account?
> > > >
> > > > You cannot.  The permission to take ownership must be
> > > > granted per resource.  Otherwise, as Bruce indicated, make
> > > > the accounts members of Administrators.
> > > >
> > > > --
> > > > Roger Abell
> > > > MS MVP (Windows Platform), MCSE, MCDBA
> > > > Associate Expert - Windows XP ExpertZone
> > > > http://www.microsoft.com/windowsxp/expertzone
> > > >
> > > >
> > > > > "BruceS" <bruce@senexet.com> wrote in message
> > > > > news:3D5CF46B.2010302@senexet.com...
> > > > > > Technically, it's the right to Take Ownership of any resource. If an
> > > > > > administrator is prevented from accessing something, he can always take
> > > > > > ownership. As the new owner he can change permissions to give himself
> > > > > > access.
> > > > > > -Bruce
> > > > > >
> > > > > > Dmitriy Kopnichev wrote:
> > > > > >
> > > > > > > Hello
> > > > > > > What right allows an administrator account to have a full access
> > > > > > > to all files?
> > > > > > > --
> > > > > > > Please, click Message menu, then 'Reply to all' in Outlook Express. This
> > > > > > > sends your reply to the newsgroups and to
> > > > > > > my email address at the same time. Or reply to the newsgroups and my
> > > > > > > e-mail.
> > > > > > > Mr. Dmitriy Kopnichev
> > > > > > > e-mail: kopn@hotbox.ru
>
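
The thread above describes a Take Ownership grant to a broad group at a drive root flowing down the tree until it reaches a folder where inheritance is blocked. As an added example (not code from any poster in the thread), this PowerShell script lists such grants under a folder tree and shows whether each folder blocks inheritance. It assumes PowerShell 3.0 or later; `$Root`, `$BroadSids` and `Get-TakeOwnershipGrant` are names chosen here for illustration.

```powershell
# Added example: report folders where a broad group is allowed to take ownership.
# Assumptions: $Root is the tree to audit; $BroadSids is the set of groups treated as "broad".
param([string]$Root = 'C:\')

# Well-known SIDs: Everyone, Authenticated Users, BUILTIN\Users
$BroadSids  = 'S-1-1-0', 'S-1-5-11', 'S-1-5-32-545'
# Take Ownership bit (also set inside Full Control) and the raw GENERIC_ALL bit,
# which can appear on inherit-only ACEs instead of the expanded file rights.
$WriteOwner = [int][System.Security.AccessControl.FileSystemRights]::TakeOwnership
$GenericAll = 0x10000000

function Get-TakeOwnershipGrant {
    param([string]$Path)

    $acl = Get-Acl -LiteralPath $Path -ErrorAction Stop
    # Request SIDs instead of names so matching does not depend on the OS language.
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])

    foreach ($rule in $rules) {
        if ($rule.AccessControlType -ne 'Allow') { continue }
        if ($BroadSids -notcontains $rule.IdentityReference.Value) { continue }

        $raw = [int]$rule.FileSystemRights
        if (($raw -band $WriteOwner) -or ($raw -band $GenericAll)) {
            [pscustomobject]@{
                Path               = $Path
                Sid                = $rule.IdentityReference.Value
                Rights             = $rule.FileSystemRights
                Inherited          = $rule.IsInherited            # False = granted at this folder
                InheritanceBlocked = $acl.AreAccessRulesProtected # True = new inheritance point
            }
        }
    }
}

# Audit the root itself plus every subfolder that can be enumerated.
$targets = @($Root) + @(Get-ChildItem -LiteralPath $Root -Directory -Recurse -Force -ErrorAction SilentlyContinue |
                        ForEach-Object FullName)
foreach ($t in $targets) {
    try   { Get-TakeOwnershipGrant -Path $t }
    catch { Write-Warning "Cannot read ACL on ${t}: $($_.Exception.Message)" }
}
```

Rows with `Inherited` set to `False` mark the folder where the grant was actually made, which is where it has to be removed; inherited rows below it disappear once that entry is gone.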

