Re: NTFS Security Question.
- From: "Steven L Umbach" <n9rou@xxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Mon, 21 Aug 2006 22:19:36 -0500
Hmm. You might also check the advanced page for special permissions and
remove the two special permissions for users there for creating folders and
files to see if that makes a difference. It should work just by making sure
users do not have write permissions which is an implicit deny. If you are
testing with a user account that you changed group membership on make sure
you logoff as that user so that the new logon will reflect changes in group
membership.
Steve
"Wiley Coyote - N2K" <mits_mvp@xxxxxxxx> wrote in message
news:%23gzxRgWxGHA.2448@xxxxxxxxxxxxxxxxxxxxxxx
I believe I posted this in the WRONG post - oops.
So:
I have set NTFS perms on the Root of my system volume to EVERYONE: Deny
Write. Yet, I can still create folders and files! I've been an SE for a
longggg time and never saw this before. The perms are at the Root, so
there
is nothing to inherit.
This acount that I am using is NOT a member of any supernumery group,
just
a plain Jane user account. I logged in with admin rights to check the NTFS
perms and all seems to be OK as follows:
System: CHANGE (not FC),
Everyone Read & Exec, List, Read ((Deny Write),
C.O. : nada,
Administrators: Change,
Users: Read & Exec, List, Read (Deny Write)
One of the reasons for this level of security is to prevent certain web
sites from dropping VB apps in the root and other silly things.
Anyway, just curious as to why I can (as an ordinary user) do this.
If anyone know what is happending that would be good.
Thanks.
.
- Follow-Ups:
- Re: NTFS Security Question.
- From: Wiley Coyote - N2K
- Re: NTFS Security Question.
- References:
- NTFS Security Question.
- From: Wiley Coyote - N2K
- NTFS Security Question.
- Prev by Date: Re: Encrypt profile directory
- Next by Date: Re: please recommend a registry cleaner tool?
- Previous by thread: NTFS Security Question.
- Next by thread: Re: NTFS Security Question.
- Index(es):
Relevant Pages
|
