Re: Totally confused with this NTFS scenario!

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

No, TEST.TXT was created with the adminstrator account, so the admin
is the owner.


On Mon, 27 Nov 2006 17:17:31 -0500, "AJR" <ajrjdr@xxxxxxxxxxx> wrote:

In addition to "dragon without wings's" reply - in creation of the file did
"user1" become the owner?

"Dragon Without Wings" <DragonDance@xxxxxxxxxxxxxxxxx> wrote in message
news:2A57650C-603B-46F0-9921-34AF4AACB494@xxxxxxxxxxxxxxxx
"John" wrote:

Can someone please tell me why this is not working?
I'm using xp sp2 with the NTFS file system.

Scenario:

* Using the admin account, I created a standard user, named "User1"

* I have a folder at the root of C:\ called "DATA"

* I disabled inheritance for "C:\DATA" Via the admin account

* I removed all entries from the C:\DATA folder's ACL and added the
users group "Full Control" for "This Folder, Subfolders, and Files"

* Under the C:\DATA folder I created a text document called TEST.TXT

* On TEST.TXT, i disabled inheritance, removed all entries on the ACL,
and then and added only one entry to the ACL which is set to: User1
to have Read-only access.

Now, when I log into xp using the User1 account, i can access the
TEST.TXT file as expected, but I am able to delete it. Why is this
the case if User1 has only read permissions on that file? I thought
that by shutting off inheritance for individual files enables you to
have more granular control over objects via their own ACL. I thought
i would have received an access denied message. Why is it still
looking at the Users Group "Full Control" setting on the parent folder
if I shut off inheritance for the TEST.TXT file? How do I do a
workaround?

John



Principal rule for NTFS permission: "NTFS permissions are cumulative".
This
means that a user's effective permissions are the result of combining the
user's assigned permissions. If your User1 is belong to the User Group
then
he will have Read and Change permissions on that TEST.TXT file which in
turn
allows him to delete the file.


.

Relevant Pages

  • Re: XP Pro. Group Member permission question.
    ... NTFS security, or if so, they do not affect the account. ... the custom group and grant the access? ... >>get any permissions except for the permission to change ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Why does Everyone have Full Control of everthing?
    ... Analysis snap-in to apply the Setup Security template to my machine, ... Perhaps I should have only applied the file permissions ... using the personal account created at setup. ... >list of default NTFS permissions for Windows 2000. ...
    (microsoft.public.windowsxp.general)
  • Re: impersonation and ado access connection
    ... To rule out NTFS issues, I went so far as to give EVERYONE full control ... (with replace permissions on all child objects) ... I am implementing impersonation in my machine.config for IIS application Isolation of the ASPNET worker process. ... I am giving the new account the same permissions to files and folders that the aspnet account had. ...
    (microsoft.public.windows.server.security)
  • Re: impersonation and ado access connection
    ... To rule out NTFS issues, I went so far as to give EVERYONE full control ... (with replace permissions on all child objects) ... I am implementing impersonation in my machine.config for IIS application Isolation of the ASPNET worker process. ... I am giving the new account the same permissions to files and folders that the aspnet account had. ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: XP Security
    ... There are permissions on the share controlling what ... Also, when NTFS grants more than the share grant, ... Home can only be in Simple sharing mode. ... account for purposes of checking the NTFS grants. ...
    (microsoft.public.windowsxp.security_admin)