Re: NTFS Effective Permissions?

From: Al Dunbar [MS-MVP] (alan-no-drub-spam_at_hotmail.com)
Date: 01/29/05 

Date: Fri, 28 Jan 2005 18:31:02 -0700

"Gerry Hickman" <gerry666uk@yahoo.co.uk> wrote in message
news:eI3P0gKBFHA.3352@TK2MSFTNGP12.phx.gbl...
> Al Dunbar [MS-MVP] wrote:
>
> >>What script? I thought you originally said they got there by standard
> >>built-in profile creation?
> >
> > Pardon, *our* standard involves the use of *our standard* script which
is
> > used to create, permit, and share the folder. permissions are done by
cacls,
> > and, obviously, done in exactly the same way every time.
>
> But this is no good for a test case. We'd have to see if the GUI works
> correctly with Microsoft's standard implementation, not you're own
> standard. How do we know your script is perfect? Since the SYSTEM has
> full control, how do we know it didn't get changed since you set it up?

It may not be perfect, but it creates folders and sets permissions (using
cacls) in exactly the same manner unconditionally every time. Whether this
is true or I am making it all up is immaterial to the question as to whether
it is possible for ACL's to somehow become a bit different through otherwise
normal use of the system, and, if so, by what mechanism. If nobody can
answer this, then I must assume that, in the cases I have mentioned, someone
made some permissions change without my knowledge, or this is common and
nobody else has looked at it and asked the question.

> > Although the original example (Jon and Al) was a case of Windows XP
> > profiles, the work example is home directories, not profiles.
>
> I'm only looking at the example of the two profiles you gave, that's the
> only data I have in front of me.

Yeah, there are kind of policies against publishing internal stuff on
usenet. However, in the Jon & Al cases, the folders were created by XP when
we first logged in.

Anyway, I am growing tired of this thread, and (no discredit to you) do not
expect to get much resolution on it. I would still like to get a better
handle on the lower level nitty gritty details of ACLs, but in the meantime
I can get by.

/Al

Relevant Pages

  • Re: Cant delete mystery folders in C: drive
    ... Open a Command Prompt ... cacls EBCFBF~1\Update (to check the permissions) ... It seems that both of those oddly-named folders were directly ...
    (microsoft.public.windowsxp.general)
  • Re: Cant delete mystery folders in C: drive
    ... Open a Command Prompt ... cacls EBCFBF~1\Update (to check the permissions) ... It seems that both of those oddly-named folders were directly ...
    (microsoft.public.windowsxp.general)
  • Re: Moving roaming profiles
    ... its files and folders. ... > I have roaming profiles setup on ServerA. ... > from ServerA to ServerB but am at a loss as to how to do this. ... > to do this without having to reset all the permissions on ServerA ...
    (microsoft.public.win2000.active_directory)
  • Re: Roaming Profile slow and folder redirection advice
    ... I have not moved to Roaming Profiles have no complaints and logons ... GP and put these folders on the list of folders that do not get ... If you'er going to use roaming profiles, you really need to use folder ... Make sure the share permissions on profiles$ indicate everyone=full ...
    (microsoft.public.windows.group_policy)
  • Re: Moving Roaming Profile
    ... Profiles do not honor in heritance of permissions. ... Just the redirected folders are fine... ... because all my redirection settings and roaming profiles locations are done ...
    (microsoft.public.windows.terminal_services)
Loading