Re: Totally confused with this NTFS scenario!

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

In addition to "dragon without wings's" reply - in creation of the file did
"user1" become the owner?

"Dragon Without Wings" <DragonDance@xxxxxxxxxxxxxxxxx> wrote in message
news:2A57650C-603B-46F0-9921-34AF4AACB494@xxxxxxxxxxxxxxxx
"John" wrote:

Can someone please tell me why this is not working?
I'm using xp sp2 with the NTFS file system.

Scenario:

* Using the admin account, I created a standard user, named "User1"

* I have a folder at the root of C:\ called "DATA"

* I disabled inheritance for "C:\DATA" Via the admin account

* I removed all entries from the C:\DATA folder's ACL and added the
users group "Full Control" for "This Folder, Subfolders, and Files"

* Under the C:\DATA folder I created a text document called TEST.TXT

* On TEST.TXT, i disabled inheritance, removed all entries on the ACL,
and then and added only one entry to the ACL which is set to: User1
to have Read-only access.

Now, when I log into xp using the User1 account, i can access the
TEST.TXT file as expected, but I am able to delete it. Why is this
the case if User1 has only read permissions on that file? I thought
that by shutting off inheritance for individual files enables you to
have more granular control over objects via their own ACL. I thought
i would have received an access denied message. Why is it still
looking at the Users Group "Full Control" setting on the parent folder
if I shut off inheritance for the TEST.TXT file? How do I do a
workaround?

John



Principal rule for NTFS permission: "NTFS permissions are cumulative".
This
means that a user's effective permissions are the result of combining the
user's assigned permissions. If your User1 is belong to the User Group
then
he will have Read and Change permissions on that TEST.TXT file which in
turn
allows him to delete the file.


.

Relevant Pages

  • NTFS meltdown :-(
    ... I seem to be having an NTFS meltdown here. ... NTFS permissions thoroughly, but I appear to be regressing. ... why would user1 still be able to ... (nothing else on ACL) ...
    (microsoft.public.cert.exam.mcsa)
  • Re: networking with different groups
    ... >> desired access permissions for each shared disk and folder. ... >the permissions there is no way I can see USER1. ... It's your choice whether to create 6 individual user accounts or 2 ...
    (microsoft.public.windowsxp.network_web)
  • Re: Totally confused with this NTFS scenario!
    ... No, TEST.TXT was created with the adminstrator account, so the admin ... Using the admin account, I created a standard user, named "User1" ... Principal rule for NTFS permission: "NTFS permissions are cumulative". ...
    (microsoft.public.cert.exam.mcsa)
  • All or nothing NTFS permissions???
    ... I've added user1 and user2 as users and added them to an FTPAccounts ... the user has free reign to read/write to any sites on ... even though no other permissions have been given. ... applies even when the virtual directory points to a directory that is ...
    (microsoft.public.inetserver.iis.ftp)
  • Re: to access files on Win2003 server requires a second password
    ... > Check on your file server that user1 has NTFS permissions to access these ... Also make sure that user1 has permissions to access share on the ... If User1 only has access on share, but not on NTFS, user will be ...
    (microsoft.public.windows.server.setup)