Re: XP Group/File Permissions (Possible BUG found)

From: Colin Nash [MVP] (cnash-REMOVETHIS-_at_mvps.org)
Date: 02/15/04 

Date: Sun, 15 Feb 2004 16:08:39 -0500

You don't have to reboot, just re-authenticate.

And its only when you add someone new to a group-- not when you change file
permissions. (Giving a new group access to a resource will work immediately
for people who are already in the group.)

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/security/security/access_tokens.asp

"adbdollar" <anonymous@discussions.microsoft.com> wrote in message
news:10f1401c3f402$d6057660$a501280a@phx.gbl...
> Hmmm, so from your response you seem to support this
> feature of having to reboot every time one modifies
> groups and permissions. I guess thats the easy solution
> to call it by design, but it does not change the fact that
> the feature sucks, and causes disruption in a production
> environment.
>
> I think I will stay with UNIX, as it just does not have
> these problems. Oh, and its on the UNIX certification
> exams as well.
>
>
> LOL FRUITCAKE!!!
>
>
> >-----Original Message-----
> >When a user logs into a system, they are issued a token
> which essentially
> >contains a listing of all the groups they are a part of.
> >
> >Adding a user to a group requires them to log off and
> back on (to either the
> >local system or the domain, depending on your situation)
> to receive the
> >updated token.
> >
> >I think that's what's causing your problem.
> >
> >This is well documented and by design. Common test
> question on MCP exams
> >too ;)
> >
> >
> >--
> >Colin Nash
> >Microsoft MVP
> >Windows Printing/Imaging/Hardware
> >
> >
> >
> >"adbdollar" <anonymous@discussions.microsoft.com> wrote
> in message
> >news:108a301c3f3f8$4dca5310$a001280a@phx.gbl...
> >> The machine runs:
> >> Windows XP Professional Service Pack 1 with all the
> >> recommended and security patches
> >> as of 02/15/2004
> >>
> >>
> >> Example of the problem:
> >>
> >> After creating a group lets say called "Apps", and then
> >> adding a few users, like "Administrator"
> >> or "user1", "user2" etc... to this new group
> >>
> >> Then assigning Permissions to a directory so that
> >> group "Apps" has full Access, and of course all members
> >> of this group should also have full access.
> >>
> >> However, this new permission scheme will not be
> reconized
> >> and take effect, unless the system is rebooted.
> >>
> >> What I mean is, the system will prevent any user in the
> >> new group from accessing the directory with the new
> group
> >> permissions, until a system reboot.
> >>
> >> After I reboot, the new permission strategy is in
> force,
> >> and every thing works fine.
> >>
> >> This is not very useful, as not everyone can afford to
> >> reboot machines, everytime they need to secure a
> >> directory or application.
> >>
> >> This seems like a bug, as one would expect it to be
> >> enforce, the moment one changes the permissions.
> >>
> >> However, I am also aware that some features that seem
> >> like a bug, are really features by design, and although
> >> that may be reasonable in some cases, this certainly
> can
> >> not be one of those.
> >>
> >> Well, one would expect it would not be.
> >>
> >> I can repeat this process as many times as one likes,
> and
> >> have even re-installed with the same outcome.
> >>
> >> Any suggestions?
> >
> >
> >.
> >

Relevant Pages

  • Re: XP Group/File Permissions (Possible BUG found)
    ... groups and permissions. ... the feature sucks, and causes disruption in a production ... >This is well documented and by design. ... >> permissions, until a system reboot. ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Cant view reg key HKLMSWMSWindowsCurrentVersion
    ... Yes, we checked all of the permissions, but were unable to propogate them to ... A reboot fixed the problem completely. ... Microsoft MVP: Windows Server ... database server running SQL 2000. ...
    (microsoft.public.windows.server.general)
  • Re: XP Group/File Permissions (Possible BUG found)
    ... When a user logs into a system, they are issued a token which essentially ... > Then assigning Permissions to a directory so that> group "Apps" has full Access, and of course all members> of this group should also have full access. ... > What I mean is, the system will prevent any user in the> new group from accessing the directory with the new group> permissions, until a system reboot. ... > However, I am also aware that some features that seem> like a bug, are really features by design, and although> that may be reasonable in some cases, this certainly can> not be one of those. ...
    (microsoft.public.windowsxp.security_admin)
  • Administrator cannot anything: Access to the specified device, path, or file is denied.
    ... Administrator account recently - tinkering. ... So I went into safe mode, and checked the permissions for the user: ... directory on the hard drives and checked the "Reset and inherit ... Then I can reboot and operate normally. ...
    (microsoft.public.win2000.general)
  • Xp File permissions got me stumped
    ... suggested to resolve the in-ability to change file ... The permissions persistently remain at READ ... asks me if it must apply to all the files/ folders etc and ... control it ever since... ...
    (microsoft.public.windowsxp.general)