Re: NTFS Security Question.
- From: "Wiley Coyote - N2K" <mits_mvp@xxxxxxxx>
- Date: Tue, 22 Aug 2006 08:32:46 -0600
Not drawing a parallel, simply stating the Child-Inherit-Parent issue.
As for setting DENY, this was done on a test machine that we use for things
like this. In this case, expicit/implicit allow was not the goal, we wanted
to see what would happen at the root. More correctly, one of my students was
curious (which lead to the start of the whole thing).
I would never do this in production. None the less, a lesson was learned and
insight gained, so in my humble opinion, it was worth the effort.
Tx
"Ian" <Ian@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:091D027E-F54A-485D-AEE8-1D3D58EA2296@xxxxxxxxxxxxxxxx
NTFS permissions are fundamentally different from Unix or Netware
permissions, therefore it's not wise to draw too many parallels.
I would be careful about setting Deny permissions (especially to everyone
on
the root!) as it's quite possible to lock the Administrator out this way,
and even the usual route of taking ownership might not get you back in if
what you've done denies access to creator/owner. In general, Deny
permissions should only be used in a few special cases where Allow
permissions can't achieve the desired result.
.
- References:
- NTFS Security Question.
- From: Wiley Coyote - N2K
- Re: NTFS Security Question.
- From: Steven L Umbach
- Re: NTFS Security Question.
- From: Wiley Coyote - N2K
- Re: NTFS Security Question.
- From: Steven L Umbach
- Re: NTFS Security Question.
- From: Wiley Coyote - N2K
- NTFS Security Question.
- Prev by Date: Folder security
- Next by Date: Re: Administrators vs Debugger Users
- Previous by thread: Re: NTFS Security Question.
- Next by thread: Re: administrator.000, administrator.001, etc.
- Index(es):
