Re: what is traverse? I don't get it.

From: Roger Abell (mvpNOSpam_at_asu.edu)
Date: 11/06/04

• Next message: Fabrussio: "Re: Domain Administrator have lost all rights"
• Previous message: ptwilliams: "Re: PC's join domain to remote site DC's"
• In reply to: Jacques Koorts: "what is traverse? I don't get it."
• Messages sorted by: [ date ] [ thread ]

---

Date: Sat, 6 Nov 2004 11:46:36 -0700

If an account does not have a grant of the Bypass Traverse Checking
user right, then if they attempt to access say
c:\somedir\subdir\finaldir\file.txt
and they have a grant for file.txt for the type of access they are trying
the access will fail unless they also have a grant allowing them to
list the directories that are in the path, and there permissions will be
checked at each directory traversed to get to the file.
If they have this user right granted, then the checks for grants on the
directories traversed is not performed and so they can access the
file.txt even if they have no premissions on one or more of the folders.
Now, if they want to browse to the folder containing the file, they
will still need grants to list the directory contents of any directory
they want to "explore". Bypass traverse checking however would
allow then to access the file directly using its fully qualified path.

-- 
Roger Abell
Microsoft MVP (Windows Server System: Security)
MCSE (W2k3,W2k,Nt4)  MCDBA
"Jacques Koorts" <jkoorts@ccalimited.com> wrote in message
news:10opr0rnmk14o2e@corp.supernews.com...
> Is traverse listing the folder, like typing "dir" at command prompt?
>
> If so then this contradicts:
>
> The Bypass traverse checking user right allows the user to browse through
> folders in the NTFS file system or in the registry without checking for
the
> Traverse Folder special access permission. The Bypass traverse checking
user
> right does not allow the user to list the contents of a folder; it allows
> the user to traverse its folders only.
>
> what is traverse exactly?? the dictionary says "to go through", what is
"to
> go through" in windows?
>
>

---

• Next message: Fabrussio: "Re: Domain Administrator have lost all rights"
• Previous message: ptwilliams: "Re: PC's join domain to remote site DC's"
• In reply to: Jacques Koorts: "what is traverse? I don't get it."
• Messages sorted by: [ date ] [ thread ]

---

Relevant Pages Re: what is traverse? I dont get it. ... If an account does not have a grant of the Bypass Traverse Checking ... Now, if they want to browse to the folder containing the file, they ... (microsoft.public.win2000.new_user) Re: what is traverse? I dont get it. ... If an account does not have a grant of the Bypass Traverse Checking ... Now, if they want to browse to the folder containing the file, they ... (microsoft.public.win2000.setup) Re: what is traverse? I dont get it. ... If an account does not have a grant of the Bypass Traverse Checking ... Now, if they want to browse to the folder containing the file, they ... (microsoft.public.win2000.security) what is traverse? I dont get it. ... If so then this contradicts: ... The Bypass traverse checking user right allows the user to browse through ... Traverse Folder special access permission. ... (microsoft.public.win2000.new_user) what is traverse? I dont get it. ... If so then this contradicts: ... The Bypass traverse checking user right allows the user to browse through ... Traverse Folder special access permission. ... (microsoft.public.win2000.setup)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(16)