Re: NTFS Security Question.



Thanks Steven. The advanced page did it - DOH!!!

Now, I'm still not sure why the "DENY" allowed this? My understanding (and
I've been an SE and MCT for over 20 years) is that DENY means exactly that.

In the NIX world, deny meand DENY as it does in NDS. Hmmm, perhaps I can get
rich off this and explain to the Gates Empire. NOT!

Anyway, I've been all over the web, and chatted with a lof of people. In
fact, I gave perms to a fellow in Boca Raton (whom I've know for years) to
vpn in and he checked. He was quite surprised as well.

Still looking into it, there must be something that I'm missing, but in the
meantime the Advanced Props fixed it.

Again, tx.

Wiley.

Wiley.
"Steven L Umbach" <n9rou@xxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:ks-dndyyOoxa6nfZnZ2dnUVZ_oudnZ2d@xxxxxxxxxxxxxx
Hmm. You might also check the advanced page for special permissions and
remove the two special permissions for users there for creating folders
and files to see if that makes a difference. It should work just by making
sure users do not have write permissions which is an implicit deny. If you
are testing with a user account that you changed group membership on make
sure you logoff as that user so that the new logon will reflect changes in
group membership.

Steve


"Wiley Coyote - N2K" <mits_mvp@xxxxxxxx> wrote in message
news:%23gzxRgWxGHA.2448@xxxxxxxxxxxxxxxxxxxxxxx
I believe I posted this in the WRONG post - oops.

So:

I have set NTFS perms on the Root of my system volume to EVERYONE: Deny
Write. Yet, I can still create folders and files! I've been an SE for a
longggg time and never saw this before. The perms are at the Root, so
there
is nothing to inherit.

This acount that I am using is NOT a member of any supernumery group,
just
a plain Jane user account. I logged in with admin rights to check the
NTFS
perms and all seems to be OK as follows:

System: CHANGE (not FC),
Everyone Read & Exec, List, Read ((Deny Write),
C.O. : nada,
Administrators: Change,
Users: Read & Exec, List, Read (Deny Write)

One of the reasons for this level of security is to prevent certain web
sites from dropping VB apps in the root and other silly things.

Anyway, just curious as to why I can (as an ordinary user) do this.

If anyone know what is happending that would be good.

Thanks.







.



Relevant Pages

  • NTFS Security Question.
    ... I have set NTFS perms on the Root of my system volume to EVERYONE: Deny ...
    (microsoft.public.windowsxp.security_admin)
  • Read-only shares on windows 2000
    ... FAT32 partition. ... I assigned the following perms: ... - (neither Allow nor Deny are checked) ...
    (microsoft.public.win2000.security)
  • Re: Cannot Delete A Public Folder
    ... I wouldn't worry about the deny on special. ... see if you can access the PF's that way, and if so delete that folder. ... I don't see send as and Receive as as listed perms on my public ... >>> If I go up the chain, the only perms that look to be denied are Send As ...
    (microsoft.public.exchange.admin)
  • slackware permissions
    ... Subject: slackware permissions ... Can anyone else confirm or deny that /var/log/cron has perms 666 in ... I checked on my desktop, and two laptops, and they all ... had 666 as the perms. ...
    (Vuln-Dev)
  • AW: UsersDeny except root@myserver
    ... (using Deny first then Allow same as Allow first then Deny) ... We decided not to use Allow/Deny USers and just limt root ... HEX reserves the right to monitor all e-mail communications through its networks. ...
    (SSH)