Re: Denials affect all groups and users instead of the one they're assigned to.

From: Tom (Tom_at_Link.Com)
Date: 07/30/03


Date: Wed, 30 Jul 2003 14:03:58 -0700


     That is the way I did it, I just didn't know the
term "account" in the PC frame of reference.

     Once again this is a test of a more elaborate
security scheme. But, I have to have denial capability,
and my first test of it for Users applied to non-User
accounts. I need to know deny works and how to deny
Users, without having it affect Power Users or
Administrators.

     My test was set up like this:

     Folder1
        Folder2
           File2
        File1

     On Folder1 I unchecked the inherit box. Then I
allowed "Tom" full control and I denied Users full
control.

     But, I was surprised to find that "Tom" couldn't
even view the contents of Folder1.

     Do you have any ideas?

     Thank You,

          Tom

>-----Original Message-----
>Did you put any allow permissions on this folder that you would like to
>restrict access to? Did you remove Everyone permission from the folder?
>
>You can open your account properties by e.g. right click My Computer ->
>Manage -> Local Users and Groups -> Users -> double click on user e.g.
>"mike" ...
>
>Mike
>
>"Tom" <Tom@Link.Com> wrote in message
>news:046501c356d5$e666b7a0$a301280a@phx.gbl...
>> When I go into the "Tom Properties" screen to the
>> members of tab, it says Administrators and Power Users
>> only. It does not say Users. But, when I deny Users, it
>> affects my user. That is the problem.
>>
>> Thanks for working with me on this,
>>
>> Tom
>>
>> P.S. How would I open the "account" properties?
>>
>> >-----Original Message-----
>> >You are not a member of Users group only if you have removed yourself from
>> >the group. By default any new user created on the system will first be
>> >member of User group. Then you can add him to another groups and e.g. remove
>> >him from Users group...
>> >
>> >Open your account properties and check Member of tab. If shows Users group
>> >then you are still a member. If you are still a member then setting deny on
>> >a folder will also affect you even if you are also in Administrator and
>> >Power user group...
>> >
>> >--
>> >Mike
>> >MCSA 2K, MCSE 2K, MCT, ...
>> >
>> >"Tom" <Tom@Link.Com> wrote in message
>> >news:50a801c356cf$428c8430$a001280a@phx.gbl...
>> >> You mean that even though I don't have users as my
>> >> group, I am still a member of Users by default?
>> >>
>> >> Thank you,
>> >>
>> >> Tom
>> >>
>> >>
>> >> >-----Original Message-----
>> >> >In this case you don't have to put denial permission. (I wouldn't do it --
>> >> >especially not on Users group since everyone created on the PC will be part
>> >> >of that group by default...). Try to stay away from deny.
>> >> >
>> >> >Remember this rule!!!
>> >> >***
>> >> >On Windows XP most restrictive group will prevail. So if you have full access
>> >> >on a resource as a member of Administrator group and deny access as a member
>> >> >of Users group you will be denied access to this resource.
>> >> >****
>> >> >
>> >> >Best practice is (would be):
>> >> >- remove everyone from the folder permission
>> >> >- give users that need to access this folder appropriate permission (Read,
>> >> >Write, ...)
>> >> >(- give administrator full control in case there is no one else with full
>> >> >control)
>> >> >
>> >> >This (if setup properly) will deny user "Carrie" access to the folder...
>> >> >
>> >> >--
>> >> >Mike
>> >> >MCSA 2K, MCSE 2K, MCT, ...
>> >> >
>> >> >"Tom" <Tom@Link.Com> wrote in message
>> >> >news:00aa01c356c7$b0934cf0$a601280a@phx.gbl...
>> >> >> It is on a NTFS disk on the same machine with an XP
>> >> >> Pro operating system.
>> >> >>
>> >> >> I am trying to setup a folder that Users are denied
>> >> >> access to, but that I can have access to as a Power User
>> >> >> or an Administrator. This is a test for a more elaborate
>> >> >> setup.
>> >> >>
>> >> >> Thank you,
>> >> >>
>> >> >> Tom
>> >> >>
>> >> >>
>> >> >> >------------------------------------------------------
>> >> >>      I reported that the deny was put on user Carrie,
>> >> >> however, it was actually placed on group Users.
>> >> >> Everything else is correct.
>> >> >>
>> >> >>      Thank You,
>> >> >>
>> >> >>          Tom
>> >> >>
>> >> >>
>> >> >> >-----Original Message-----
>> >> >> >On what resource? Is this folder restriction or some operating system
>> >> >> >restriction that you would like to setup...
>> >> >> >
>> >> >> >-- 
>> >> >> >Mike
>> >> >> >MCSA 2K, MCSE 2K, MCT, ...
>> >> >> >
>> >> >> >"Tom" <Tom@Link.Com> wrote in message
>> >> >> >news:4f3501c356c2$6c9f28c0$a001280a@phx.gbl...
>> >> >> >>      I am administrator (user name Tom) a member of
>> >> >> >> Administrators, and Power Users.  When I put a deny on
>> >> >> >> user name Carrie, a member of Users only, the deny
>> >> >> >> affects me, too, no matter which deny I do it still
>> >> >> >> affects me.
>> >> >> >>
>> >> >> >>      Thank You,
>> >> >> >>
>> >> >> >>           Tom
>> >> >> >>
>> >> >> >>
>> >> >> >> >-----Original Message-----
>> >> >> >> >Tom,
>> >> >> >> >
>> >> >> >> >can you give us more information. What user, what group, what are you trying
>> >> >> >> >to deny...
>> >> >> >> >
>> >> >> >> >On Windows XP most restrictive group will prevail. So if you have full access
>> >> >> >> >on a resource as a member of Administrator group and deny access as a member
>> >> >> >> >of Users group you will be denied access to this resource.
>> >> >> >> >
>> >> >> >> >-- 
>> >> >> >> >Mike
>> >> >> >> >MCSA 2K, MCSE 2K, MCT, ...
>> >> >> >> >
>> >> >> >> >"Tom" <Tom@Link.Com> wrote in message
>> >> >> >> >news:0e5401c356b7$eb01e640$a501280a@phx.gbl...
>> >> >> >> >>      Denials affect all groups and users instead of the
>> >> >> >> >> one they're assigned to.  Is there any switch that controls
>> >> >> >> >> this?
>> >> >> >> >>
>> >> >> >> >>      Thanks in advance,
>> >> >> >> >>
>> >> >> >> >>           Tom
>> >> >> >> >
>> >> >> >> >
>> >> >> >> >.
>> >> >> >> >
>> >> >> >
>> >> >> >
>> >> >> >.
>> >> >> >
>> >> >
>> >> >
>> >> >.
>> >> >
>> >
>> >
>> >.
>> >
>
>
>.
>
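
Added example, not part of the original thread: a simplified Python model of how a DACL is evaluated against a logon token, applied to the Folder1 test described above. The names, toy access masks and token contents are constructed; it assumes that on Windows XP the local Users group contains INTERACTIVE and Authenticated Users by default, so an interactive logon carries Users even when the account's "Member Of" tab lists only Administrators and Power Users.

```python
from dataclasses import dataclass

READ, WRITE, FULL = 0x1, 0x2, 0x3  # toy access masks, not real NTFS bits


@dataclass(frozen=True)
class Ace:
    kind: str     # "deny" or "allow"
    trustee: str  # account or group name standing in for a SID
    mask: int


def access_check(token, dacl, desired):
    """Walk the DACL in canonical order (explicit deny ACEs first)."""
    remaining = desired
    for ace in sorted(dacl, key=lambda a: a.kind != "deny"):
        if ace.trustee not in token:
            continue
        if ace.kind == "deny":
            if ace.mask & remaining:
                return False  # a matching deny ends the check at once
        else:
            remaining &= ~ace.mask
            if remaining == 0:
                return True
    return False  # nothing granted every requested bit: implicit deny


# Constructed tokens. Assumption: an interactive logon carries Users through
# INTERACTIVE / Authenticated Users, whatever the "Member Of" tab lists.
TOM = {"Tom", "Administrators", "Power Users", "INTERACTIVE", "Users"}
CARRIE = {"Carrie", "INTERACTIVE", "Users"}

# Folder1 as tested in the thread: inheritance off, allow Tom, deny Users.
DENY_USERS = [Ace("allow", "Tom", FULL), Ace("deny", "Users", FULL)]
# Deny aimed at the one account instead of the group.
DENY_CARRIE = [Ace("allow", "Tom", FULL), Ace("deny", "Carrie", FULL)]
# The allow-only layout suggested in the thread: no deny ACE, no Everyone.
ALLOW_ONLY = [Ace("allow", "Tom", FULL), Ace("allow", "Administrators", FULL)]


def can_read(token, dacl):
    return access_check(token, dacl, READ)


if __name__ == "__main__":
    for name, dacl in [("deny Users", DENY_USERS), ("deny Carrie", DENY_CARRIE),
                       ("allow only", ALLOW_ONLY)]:
        print(f"{name}: Tom={can_read(TOM, dacl)} Carrie={can_read(CARRIE, dacl)}")
```

On a real system, `whoami /groups` (Windows Server 2003 and later; on XP it comes from the Support Tools) lists the groups actually present in the logon token, which is the list the access check uses.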

