Re: Groups Permissions; creating a new group & adding full access does not appear to work

From: c5 (cubafive_at_yahoo.com)
Date: 12/22/04


Date: 22 Dec 2004 11:52:01 -0800

Jimmy Andersson [MVP] wrote:
> Are they members of any other groups with access denied?
> The reason that you can add them individually is because they get explicit
> permissions.

Hey, very good question. The answer is No.

And you are right, they get explicit permissions, and you hit upon the
"sum of permissions" as members of other groups. Which sort of had
something to do with this...

But I think the problem was that the user was "logged on" (via a
network share; the user would show up in Sessions).

When a User is logged on, changing explicit permissions happens right
away, i.e. I (Administrator) click "Apply" to folder permissions and
the user indeed has those permissions on next access.

However, when a User is logged on, adding/removing a User to/from a
Group and (I think, there are many permutations to test) changing Group
permissions, the results are like they are "cached", i.e. the User must
log off and then log on for the permissions to be as expected.

So, I would add a user to a group, change the group to full access, and
because the User was logged on it looked like it did not work. But I
think (I still have more testing) it works as expected when the user
logs off/on.
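
One way to check for the situation described in the post above, as an added example that is not part of the original message: the PowerShell function below compares the group SIDs in the current logon session's access token with the group's membership as it stands now. It assumes a local group on the machine where it is run, PowerShell 5.1 or later (for the LocalAccounts cmdlets), and that it is run inside the affected user's session; `Test-TokenGroupDrift` and `ExampleShareUsers` are hypothetical names.

```powershell
# Added example. Function name and group name are hypothetical.
function Test-TokenGroupDrift {
    param([Parameter(Mandatory)][string]$GroupName)

    # Access token of the current logon session. Its group SIDs were
    # collected when the session was created and are not refreshed.
    $identity = [System.Security.Principal.WindowsIdentity]::GetCurrent()

    # Present state of the group in the local account database.
    $group   = Get-LocalGroup -Name $GroupName -ErrorAction Stop
    $members = @(Get-LocalGroupMember -Group $GroupName -ErrorAction Stop)

    # Compare SIDs as strings to avoid object-equality surprises.
    $inToken  = @($identity.Groups |
        Where-Object { $_.Value -eq $group.SID.Value }).Count -gt 0
    # Direct members only: membership through a nested group is not expanded.
    $isMember = @($members |
        Where-Object { $_.SID.Value -eq $identity.User.Value }).Count -gt 0

    $status = if ($isMember -and -not $inToken) {
        'Added after logon: group ACEs apply only after log off/on'
    } elseif ($inToken -and -not $isMember) {
        'In token but not a direct member: removed after logon, or nested'
    } elseif ($inToken) {
        'In sync: token already carries the group SID'
    } else {
        'Not a member and not in token'
    }

    [pscustomobject]@{
        User     = $identity.Name
        Group    = $GroupName
        InToken  = $inToken
        IsMember = $isMember
        Status   = $status
    }
}

Test-TokenGroupDrift -GroupName 'ExampleShareUsers'
```

For access over a network share, the token that matters is the one the file server holds for the user's session, so a check on the client only shows the client-side token.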


