Re: Nested Permissions and Traversing...Best Practice

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

Yes, that is correct....you don't HAVE to grant traverse permissions. Users
can explicitly access the nexted directory. However, that assumes alot
about the ability of your users. Assume that I am dealing with severe "layer
8" users who only know how to access something by browsing to it. In that
case I must grant them traverse permissions.

In that case what is the best practice.



"Thomas McLeod" wrote:

> I'm not the expert in this area, but my understanding is that one doesn't
> need to grant transverse permissions if absolute paths are used. I.e., you
> can grant everyone access to G:\AppDev\Fiscal Systems\Active Projects\IT2500
> directory, without transverse permissions on the path. But, then everyone
> could not access IT2500 via a sibling path like G:\AppDev\Fiscal
> Systems\Active Projects\IT25XX\..\IT2500\.
>
> Thomas
>
>
>
>
> "SixDoubleO" <SixDoubleO@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> news:3224A720-D9FE-4788-9239-7B7811F1BDFB@xxxxxxxxxxxxxxxx
> > I have a question about convention or best practices in terms of file
> sharing
> > and nested permissions.
> >
> > Assume I have the following path:
> >
> > G:\AppDev\Fiscal Systems\Active Projects\IT2500
> >
> > Staff want to limit access to the AppDev folder to just the application
> > development folks. But then at a lower level (at the IT2500 folder) they
> > want to allow a people outside the appdev group access to the folder.
> >
> > My question is not how to do this...well, sorta. What I want to know is
> how
> > some of you are dealing with these types of situations, as they can create
> an
> > administration hassle.
> >
> > As I see it I'd have two Domain Local Resource Groups...
> >
> > F_G_AppDev_W
> > This grants Write access to the folder G:\AppDev and all folders beneath
> it.
> >
> > F_G_AppDev_Fiscal Systems_Active Projects_IT2500_W
> > This grants Write access to the IT2500 folder underneath the AppDev tree.
> >
> > I would then need to assign Traverse/List access to the IT2500 group all
> the
> > way up the tree so that these people can browse down to IT2500. This is
> > messy, especially considering this is only one of many examples where
> staff
> > would like this to happen.
> >
> > I'd love to hear suggestions on how to deal with this. Should I just
> moved
> > IT2500 out to the root of G:\?
> >
> > Thanks for any opinions you might be able to provide.
> >
> > Dave
> >
> >
> >
> >
> >
>
>
>
.

Relevant Pages

  • Re: can I use GPO for remote folder management?
    ... > that group to have the permissions you want him able ... > to grant to others. ... Folder and subfolders. ... >> we have one stand alone 2003 server. ...
    (microsoft.public.win2000.group_policy)
  • Re: NTFS woes
    ... starting with a grant of Full and subtracting part of it ... gives it and it gets taken away by deny) but this Posix compliance ... On the parent folder I already had unchecked Take Ownership, ... Permissions and Delete. ...
    (microsoft.public.windows.server.security)
  • Re: File/directory permissions
    ... >> projects will have the right permissions by default. ... the requirement that the users not be able to create new subfolders or files ... directly under a project's folder. ... grant List folder contents, and Read to the group of the project. ...
    (microsoft.public.win2000.security)
  • Re: XP file security issue - deletion is possible
    ... This is because the account you are using has a grant ... of Full Control on the containing folder. ... Due to Posix compliance requirements Full Control confers ... > I then modify the permissions on this file: ...
    (microsoft.public.windowsxp.security_admin)
  • Re: USERS group has the ability to change security permissions???
    ... Please use the Advance view in the NTFS permissions dialog to ... When there is a generic grant and a special grant to the same entity ... the RESULT: user level access can change NTFS ...
    (microsoft.public.win2000.security)