Re: NTFS Permissions Question
From: MikeF (ctatraining_at_spammersgotojail.net)
Date: 02/04/05
- Next message: blastingfonda_at_gmail.com: "Re: NTFS Permissions Question"
- Previous message: blastingfonda_at_gmail.com: "Re: NTFS Permissions Question"
- In reply to: blastingfonda_at_gmail.com: "NTFS Permissions Question"
- Next in thread: blastingfonda_at_gmail.com: "Re: NTFS Permissions Question"
- Reply: blastingfonda_at_gmail.com: "Re: NTFS Permissions Question"
- Messages sorted by: [ date ] [ thread ]
Date: Thu, 3 Feb 2005 23:24:27 -0500
Sorry for top post.
Answer is, modify includes delete, but not delete subfolders and files. If
they have modify on the parent folder they have delete on the parent, which
flows thru inheritance to the subfolders and files.
The purpose of the delete subfolders and files is to be applied to specific
subfolder(s) when delete is not inherited from the parent folder. Thus you
could have a parent folder to which the user's perms allow no deletion.
Under it you could have 5 subfolders. And under them more subs, and so on.
On two of the subfolders you might wish to give the user delete subfolders
and files. And here comes Microsoft, with just the permission you need.
The relevant info is available in Server 03 help. I copied it below, but if
it comes out garbled, searh on permissions, then find Permissions : Access
Control > Permissions For Files and Folders, then from a link on that page,
File and Folder Permissions.
It's admittedly finicky, but it makes sense.
Good luck
Mike
Delete Subfolders and Files Allows or denies deleting subfolders and
files, even if the Delete permission has not been granted on the subfolder
or file. (Applies to folders.)
Delete Allows or denies deleting the file or folder. If you do not
have Delete permission on a file or folder, you can still delete it if you
have been granted Delete Subfolders and Files on the parent folder.
Special Permissions Full Control Modify Read & Execute List Folder
Contents(folders only) Read Write
Traverse Folder/Execute File x x x x
List Folder/Read Data x x x x x
Read Attributes x x x x x
Read Extended Attributes x x x x x
Create Files/Write Data x x x
Create Folders/Append Data x x x
Write Attributes x x x
Write Extended Attributes x x x
Delete Subfolders and Files x
Delete x x
Read Permissions x x x x x x
Change Permissions x
Take Ownership x
Synchronize x x x x x x
<blastingfonda@gmail.com> wrote in message
news:1107470999.091325.292670@z14g2000cwz.googlegroups.com...
> I've Googled and searched all over Microsoft's site for an answer to
> this question and I'm completely stumped. Hopefully I can find an
> answer here...
>
> Everywhere I've read (Win 2k3 server documentation on Microsoft's web
> site, the Microsoft Press books, etc.), if a user is granted Modify
> permission, he cannot delete files or subfolders unless explicitly
> granted the Delete permission. However, the Full Control permission
> does include the Delete Subfolders and Files special permission.
>
> To see how this played out, I created a new user, TestUser, and created
> two new folders in a NTFS partition on a Win2k3 box as the Admin -
> Modify and FullControl. Each has a subfolder labeled Test with a file.
> TestUser has Modify rights on the Modify folder and Full Control rights
> to the FullControl folder. TestUser is not a member of the
> Administrators or any other group and no other users or groups have
> rights to these folders.
>
> When I log in as TestUser, I can delete the Test subfolder in the
> Modify folder. Why is this happening? Well, when I look at the ACL on
> the Test folder, I notice TestUser's Modify permission is inherited
> from the Modify folder -- and of course that includes the ability to
> Delete.
>
> So what happens when I flip off the inheritance checkbox? TestUser can
> no longer delete the subfolder - which is good. However, I then
> unchecked the inheritance checkboxes in the FullControl folder as well
> and logged on as TestUser. TestUser CAN'T delete subfolders when
> inheritance is flipped off, even though he has the Delete Subfolders
> and Files permission at the folder level. Once again, everywhere I've
> read states that a user with that permission should be able to delete
> subfolders regardless of a lack of explicit permissions.
>
> Try this scenario yourself to see what I'm experiencing... (who knows,
> it may just be a glitch on my config...)
>
> Needless to say I wouldn't give a rat's ass about this in real world
> situations and would simply assign Deny permissions in cases where I
> didn't want to give people access, but on the MCSE tests there are a
> ton of questions on permissions and inheritance that don't really
> correspond to real world scenarios, but may deny someone from getting a
> useless piece of paper that companies nonetheless put value in if they
> get those questions wrong.
>
> Any help on this would be appreciated...
>
> - bf -
>
- Next message: blastingfonda_at_gmail.com: "Re: NTFS Permissions Question"
- Previous message: blastingfonda_at_gmail.com: "Re: NTFS Permissions Question"
- In reply to: blastingfonda_at_gmail.com: "NTFS Permissions Question"
- Next in thread: blastingfonda_at_gmail.com: "Re: NTFS Permissions Question"
- Reply: blastingfonda_at_gmail.com: "Re: NTFS Permissions Question"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
