Re: Audit dept request

From: Ryan Hanisco <RyanHanisco@xxxxxxxxxxxxxxxxxxxxxxxxx>
Date: Sat, 6 Oct 2007 08:17:00 -0700

Darren,

If you need to rely on the inheritance for some folders but would like to
restrict for others, your best option is to use an explicit deny on the sub
folders. You may find that you have to break the inheritance if the group is
explicitly defined upstream, but you really don't have much of a choice.

You may also consider creating a new security group for these users and
denying privileges downstream for this group. The group membership on the
explicit deny will override the permit that is inherited.
--
Ryan Hanisco
MCSE, MCTS: SQL 2005, Project+
http://www.techsterity.com
Chicago, IL

Remember: Marking helpful answers helps everyone find the info they need
quickly.

"Darren" wrote:

The group in question has access to the top folder and need to retain access
at this level and sub folders with the exception of a few sub folders.

TIA
"Meinolf Weber" <meiweb(nospam)@gmx.de> wrote in message
news:ff16fb665dd018c9d5b3215f242f@xxxxxxxxxxxxxxxxxxxxxxx

Hello Darren,

Which groups has what rights on the top folder level?

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and
confers no rights.

Hi All

Audit dept has requested, I remove a particular group access from a
number of sub folders but this group will need to retain access at the
higher (root )level .

I was wondering what would be the best way to do this.. Should I deny
access or remove the group ? Removing the group can get trick in my
opinion since I would have to uncheck inherit . As far as I know, it's
worse to mess around with turning off inheriting

Any feedback would certainly be appreciated.

TIA

References:
- Audit dept request
  - From: Darren
- Re: Audit dept request
  - From: Meinolf Weber
- Re: Audit dept request
  - From: Darren

Prev by Date: Re: How to add a domain user to local administrator group?
Next by Date: RE: Changing a field in AD
Previous by thread: Re: Audit dept request
Next by thread: Re: Audit dept request
Index(es):
- Date
- Thread

Relevant Pages

Re: Confusion over IO (Inherit Only) ACE on Vista
... I'd expect everything to be controlled by inheritance from the parent folders. ... Windows Server is done because inheritance might break, but it should not break in the first place! ... A simple & quick "inheritance" cannot solve the problem because some sub-nodes may be set to not inherit ACE from the parent object. ...
(microsoft.public.platformsdk.security)
RE: File Migration - Inheritance
... Subject: File Migration - Inheritance ... As we copied the security for these folders after much of the data had ...
(microsoft.public.windows.server.migration)
Re: File Migration - Inheritance
... Thanks Vincent. ... to set the perms on the files to the perms of the parent directory. ... Subject: File Migration - Inheritance ... As we copied the security for these folders after much of the data had ...
(microsoft.public.windows.server.migration)
Re: File permissions
... minutes to take ownership and set attributes of all files in this folder. ... folders since that is what is causing the root problem. ... strip the block inheritance setting if ... and then let the inheritable permissions trickle in. ...
(microsoft.public.windows.server.active_directory)
RE: Sub Sub Folder Emails Disappeared
... > I have noticed that tonight, without anything unusual happening, emails have ... > folders are all sub sub folders, ... When emails have been deleted all mails in that folder ...
(microsoft.public.windows.inetexplorer.ie6_outlookexpress)