Re: NTFS permissions



Anyone have any thoughts on this? It's been posted before but no one wants to
touch it, so it seems.....any help GREATLY appreciated. Thanks!

We've since migrated to Server 2003, but we need to keep an NT 4.0 BDC online
for a while, so we are in Mixed-Mode. Problem is, strange things are
happening when you attempt to set NTFS Permissions on this NT 4.0 BDC
(Service Pack 6a).

Off of the Root of C:\ are two folders created a few moments apart as a test
to address this same problem that was discovered today:

Created Folder-1
Created Folder-2

Root Share: Everyone Full Control

Folder SHARE: Everyone Full Control on both.

NTFS Permissions on both:

Folder-1 is set for Administrator, Domain Admins at the NTFS Level. No other
Users or Groups. No one else can get in. Access denied. End of story.

Folder-2 also is set for Administrator, Domain Admins at the NTFS Level. No
other Users or Groups.

Here is where it is strange: ANYONE can breach Folder-2 across the network,
despite its IDENTICAL permissions.

Any idea what's going on here? Same Permissions, same disk.

This has me thoroughly stumped. FWIW, this system is some seven years old;
don't know if there could be corrupted clusters causing this or not....

"Steve" wrote:

> Great Mark,
>
> That solves my problem
>
> Regards,
> Slobodan
>
> "mark" wrote:
>
> > Hello again :)
> >
> > Think of it this way - share permissions decide who is allowed what
> > permissions to the share resource. The NTFS permissions actually let them do
> > something on disk. If you set "Everyone" to read/write but NTFS permissions
> > only allows Administrators any access, "everyone" can connect to the share
> > resource - but only admins can read, write or do anything productive.
> >
> > With share permissions and NTFS permissions, the most strict permission
> > always wins. In your case, since your share permission is only read for
> > "Users" - nobody connecting to that share as a member of the "Users" group
> > will ever be able to do more than read.
> >
> > Now, it may be the late hour, but if you are going to use NTFS permissions
> > to explicitly allow or deny access to the subfolders, you should be able to
> > set "Users" share permissions to read/write on the USERS folder - and then
> > on your users subfolders you would use NTFS to restrict access to an
> > individual user (ie. remove "Users" group from NTFS permissions, and add in
> > the individual user that will have control of that folder - you may have to
> > "uninherit" permissions from parent folder.)
> >
> > Looking something like:
> > USERS : "Users" Read/Write Share Permissions
> > USERS\JohnDoe : Only have JohnDoe with FullControl (along with admins and
> > backup operators of course :D )
> >
> > That sort of makes sense?
> >
> > --
> > Mark St. John
> > This posting is provided "AS IS" with no warranties, and confers no rights.
> >
> > "Steve" <Steve@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> > news:AC8B3C4F-1B5D-4BE8-9829-C925522B48A4@xxxxxxxxxxxxxxxx
> > > Hi Mark,
> > >
> > > The only group in USERS folder is "Users"; they have "Read" share
> > > permission and "Read", "Read and Execute", "List Folder Contents" NTFS
> > > permissions.
> > > I removed the Everyone group from USERS folder so it does not appear in
> > > the list of users/groups.
> > > I also didn't want to give more powerful permissions other than "Read" to
> > > "Users" group because it would allow them to delete each other's folders
> > > and also allow them to create files and folders outside their directories,
> > > which is not the way I want it to be.
> > >
> > > Any suggestions?
> > >
> > > Kind regards,
> > > Slobodan
> > >
> > >
> > > "mark" wrote:
> > >
> > >> I am guessing you have a share set as USERS and then each user's folder
> > >> inside of it?
> > >> Example: USERS\User1 , USERS\User2, etc.
> > >>
> > >> If so, check your share permissions of USERS - you probably have
> > >> "Everyone" set to read only.
> > >>
> > >> --
> > >> Mark St. John
> > >> This posting is provided "AS IS" with no warranties, and confers no rights.
> > >>
> > >> "Steve" <Steve@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> > >> news:DFD3125C-5919-4EDA-B5EB-6119D655B964@xxxxxxxxxxxxxxxx
> > >> > Hi,
> > >> >
> > >> > I need to set up a public folder which will hold separate subfolders
> > >> > for each user on the system (there are 20 users)
> > >> >
> > >> > Each of these subfolders needs to be accessible from the clients
> > >> > running win XP and each of them needs to be accessible to only user it
> > >> > belongs to (so user will be able to read/create/delete files/folders
> > >> > within it, while other users on the system should have no access to it
> > >> > at all)
> > >> >
> > >> > I tried to set up permissions so that "user1" has "Full NTFS
> > >> > permissions" for "user1" folder and I removed the "Users" group "Read"
> > >> > permissions that was inherited from its parent folder, as a result when
> > >> > I try to access "user1" folder from win XP client (logged on as
> > >> > "user1") I can read the contents of the folder but I can't write to it
> > >> > even though "user1" has "Full NTFS permissions". Other users can't
> > >> > access the "user1" folder, which is fine.
> > >> >
> > >> > Can you please give me an advice on how to solve my problem and am I on
> > >> > the right track?
> > >> >
> > >> > Kind regards,
> > >> > Slobodan
> > >>
> > >>
> > >>
> >
> >
> >
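
An added example, not part of the thread: a simplified Python model of the rule mark describes (share and NTFS permissions both apply over the network, and the stricter one wins), run against the folder layouts discussed above. The rights sets, the accounts user2, alice and admin1, and the allow-only ACL model (no deny entries, inheritance or owner rights) are assumptions of this example.

```python
# Simplified model (assumption of this example): allow-only ACLs,
# no deny entries, no inheritance, no owner rights.
READ = frozenset({"read"})
CHANGE = READ | {"write", "delete"}
FULL = CHANGE | {"change_permissions"}

def granted(acl, principals):
    """Union of the rights an ACL grants to any of the caller's principals."""
    rights = set()
    for trustee, allowed in acl.items():
        if trustee in principals:
            rights |= allowed
    return rights

def effective_over_network(share_acl, ntfs_acl, user, groups):
    """Rights usable through the share: allowed by the share AND by NTFS."""
    principals = {user, "Everyone"} | set(groups)
    return granted(share_acl, principals) & granted(ntfs_acl, principals)

# Constructed ACLs mirroring the layouts described in the thread.
NTFS_USER1 = {"user1": FULL, "Administrators": FULL}       # USERS\user1
NTFS_FOLDER1 = {"Administrator": FULL, "Domain Admins": FULL}
SHARE_USERS_READ = {"Users": READ}        # the original USERS share
SHARE_USERS_CHANGE = {"Users": CHANGE}    # read/write, as mark suggests
SHARE_EVERYONE_FULL = {"Everyone": FULL}  # Folder-1 in the newest post

def scenarios():
    """Effective rights for each case; an empty set means access denied."""
    u = ["Users"]
    net = effective_over_network
    return {
        "user1, share Read": net(SHARE_USERS_READ, NTFS_USER1, "user1", u),
        "user1, share Change": net(SHARE_USERS_CHANGE, NTFS_USER1, "user1", u),
        "user2, share Change": net(SHARE_USERS_CHANGE, NTFS_USER1, "user2", u),
        "alice, Folder-1": net(SHARE_EVERYONE_FULL, NTFS_FOLDER1, "alice", u),
        "admin1, Folder-1": net(SHARE_EVERYONE_FULL, NTFS_FOLDER1, "admin1",
                                ["Domain Admins"]),
    }

if __name__ == "__main__":
    for name, rights in scenarios().items():
        print(f"{name:22} -> {sorted(rights) or 'access denied'}")
```

The first case reproduces the read-but-not-write symptom from the oldest post: NTFS grants user1 full control, but the Read-only share caps what reaches the disk.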