Re: XP Pro. Group Member permission question.

anonymous_at_discussions.microsoft.com
Date: 01/03/04 

Date: Sat, 3 Jan 2004 12:23:52 -0800

Your right!!!

I found using cacls that there was a problem with the
NTFS grants.

Thanks a million!!!!!!!!!!!

Now I can really secure this system!!!!

 
>-----Original Message-----
>Let us assume that there are no Deny ACEs in the
>NTFS security, or if so, they do not affect the account.
>
>By chance is the account where access is not being
>effective the same as the one you are using to define
>the custom group and grant the access ?
>
>For new group memberships to be seen and used,
>the account must be cycled through logoff/login.
>
>Otherwise, all that should be involved for local (not
>network share) access is:
>account in custom group
>custom group grants NTFS access
>account, and no group of which it is member, is
> not denied in the NTFS grants
>
>--
>Roger
>"Charlie Chong" <anonymous@discussions.microsoft.com>
wrote in message
>news:072101c3d21a$c8699090$a601280a@phx.gbl...
>> Well I believe I have granted NTFS persmissions (FULL)
to
>> the custom group. I performed this using the security
>> tab dialog, when one looks at the properties of an
object
>> in explorer.
>>
>> Am I missing something here?
>>
>> >-----Original Message-----
>> >You seem to understand the idea behind custom groups,
>> >but you are not catching the distinction between
>> ownership
>> >and permissions in NTFS. The Owner does not
>> automatically
>> >get any permissions except for the permission to
change
>> the
>> >permission grants. The custom group must still be
>> granted
>> >NTFS permissions, such as read/execute in your notepad
>> >group example. Also, a member in the custom group
must
>> >not be denied (as compared to a grant permission)
>> read/execute
>> >(or any grant that includes read/execute, such as full
>> control)
>> >whether the denial is directly for that account or for
>> any group
>> >in which the account is a member.
>> >
>> >
>> >"Charlie Chong" <anonymous@discussions.microsoft.com>
>> wrote in message
>> >news:063701c3d1c1$17101890$a101280a@phx.gbl...
>> >> Maybe I did not explain the scenareo clear.
>> >>
>> >> Here is what I tried to do:
>> >>
>> >> I wanted to create a group for every application on
the
>> >> system. For example:
>> >>
>> >> take notepad.exe for example:
>> >>
>> >> So I create a group called notepad, and add all of
the
>> >> users to this group, who are allowed to access the
>> >> program called notepad.exe.
>> >>
>> >> Then, I change the ownership of this program to the
>> group
>> >> called notepad. (assuming that all users in this
group
>> >> will be able to execute/read etc....)
>> >>
>> >> However, I find that when I do this, only one user
in
>> the
>> >> group can execute the program, and it is the user I
>> >> logged in as when I created the group.
>> >>
>> >> It is very strange, as the whole priniple behind
>> groups,
>> >> is to group users and associate permissions to the
>> group.
>> >>
>> >> Anyway, I must be missing something.
>> >>
>> >>
>> >>
>> >>
>> >> >-----Original Message-----
>> >> >somewhere there are obviously more restrictive
>> >> permissions. did you assign permissions to a shared
>> >> folder perhaps? even if you give full access on a
>> share,
>> >> the actual directory will still restrict access.
>> >> >
>> >> > ----- Charlie Chong wrote: -----
>> >> >
>> >> > I created a group. Installed 2 members in the
>> >> group.
>> >> >
>> >> > Assigned full permissions on directory tree
for
>> an
>> >> > application, and assigned the owner of the
>> >> directory tree
>> >> > to this new group.
>> >> >
>> >> > But only one of the groups members can execute
>> and
>> >> read
>> >> > the application that resides in this directory
>> tree.
>> >> >
>> >> >
>> >> > Why?
>> >> >
>> >> >
>> >> >.
>> >> >
>> >
>> >
>> >.
>> >
>
>
>.
>

Relevant Pages

  • Re: XP Pro. Group Member permission question.
    ... NTFS security, or if so, they do not affect the account. ... the custom group and grant the access? ... >>get any permissions except for the permission to change ...
    (microsoft.public.windowsxp.security_admin)
  • Re: XP Pro. Group Member permission question.
    ... > NTFS grants. ... >>NTFS security, or if so, they do not affect the account. ... >>For new group memberships to be seen and used, ... >>custom group grants NTFS access ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Setting Security/Permissions on a Folder??
    ... I am confused by sharing permissions and security ... > whether access is with local login or over the network. ... If you know that the NTFS level ... > NTFS allows to the accessing account. ...
    (microsoft.public.windowsxp.security_admin)
  • Clarification: IUSR access to the ASP.NET temp folder
    ... That folder has NTFS Full access for Network Service, ... What are the security implications of giving the IUSR_account NTFS ... granting access rights to the resource to the ASP.NET request identity. ... context) +85 ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: XP Repairing System.
    ... neglecting the fact that the 'so called' security ... then run internet from non-admin account. ... can then utilises the security features and ADS of NTFS to secure itself ... policy settings not available for FAT32, ...
    (uk.comp.homebuilt)
Quantcast