Re: XP Pro file permissions
From: Andrey Tarasevich (andreytarasevich_at_hotmail.com)
Date: 03/17/04
- Next message: Michael Solomon \(MS-MVP Windows Shell/User\): "Re: Got a bug, need help....."
- Previous message: Fritz: "Re: Got a bug, need help....."
- In reply to: Liam Falcon: "RE: XP Pro file permissions"
- Next in thread: Wesley Vogel: "Re: XP Pro file permissions"
- Reply: Wesley Vogel: "Re: XP Pro file permissions"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 17 Mar 2004 13:41:13 -0800
Liam Falcon wrote:
> Since the administrator account in question is also a member of the Users group, the DENY ACL and any other ACLs will take place. DENY ACLs take precedence over Allow ACLs. So, this administrator has full control by the first ACL you created, but because of the DENY ACL for write for group "Users" also applies to Administrator, that account is denied writing. Thing to remember? DENY will overrule an allow. Use with caution.
Yes, that's the conclusion I came to. But where can I see some kind of
chart or diagram of whatever that shows, what users/user groups are
implicitly included into what other user groups? For example this case
demonstrates that all members of 'Administrators' group in XP are
treated as members of 'Users' group at the same time, even though on my
machine the 'Administrator' account is not included into 'Users' group
explicitly.
This also brings the next question: how do I explicitly deny some
inherited permission to 'Users' without denying it to 'Administrators'
on some folder 'F'? The only way I see now is to stop inheriting
permissions to folder 'F' and specify all permissions explicitly. Can it
be done without breaking the inheritance?
> Secondly, the Everyone group is called an implied group. It does not technically exist, but the system recognizes it as a collection of any and all people. With the creation of "Authenticated Users" we now have a greater ability to give more open ACLs without giving away access to unknown users.
Thank you for your reply.
-- Best regards, Andrey Tarasevich
- Next message: Michael Solomon \(MS-MVP Windows Shell/User\): "Re: Got a bug, need help....."
- Previous message: Fritz: "Re: Got a bug, need help....."
- In reply to: Liam Falcon: "RE: XP Pro file permissions"
- Next in thread: Wesley Vogel: "Re: XP Pro file permissions"
- Reply: Wesley Vogel: "Re: XP Pro file permissions"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
