Re: NTFS problem

Hi Niv,

I'm not totally sure I follow the question.
Bob is mapping his H: to a share on a file server. Call it
\\server\data.

The Share level permissions on this share are "full control" for
everyone.
The file system level shares on the root folder as full control to
administrator, and read/write to domain users.
It's this account's folder where we disabled inheritance and locked
down. So far however, the lockdown doesn't appear to be 100%.

The permissions on the accounts folder are exactly as they are spelled
out below. Change permission to the Accounts group, Full Control to
administrator. No other permissions.


Niv Raz wrote:
Hi ,

Is user BOB maps to a knowen share? what is the permissions of this share?
what the permission of the folder (F/S Level)?

Cheers,
N.

<jsmall@xxxxxxxxxxxxxx> wrote in message
news:1150267154.732657.257800@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Hi,

I posted about this a while back, but didn't get to follow it through.

Anyway, consider this command, where H: is mapped to a share on a
Windows 2003 file server:

H:\>cacls accounts
H:\Accounts Domain\Accountants:(OI)(CI)C
Domain\administrator:(OI)(CI)F

It demonstrates that the domain administrator has full control on the
"accounts" folder, and the accounts group has change control. No other
users should have access.

We have a user. Let's call him Bob. I have checked, double checked and
triple checked that he is not in the "accountants" group.

When he logs into a Windows 2003 terminal server, maps the drive in
question, he gets an "access denied" when he tries to open the folder
in question.

When he logs onto his Windows XP workstation, member of the same
domain, he CAN list the files in that folder. He cannot open them,
("access denied" again) but he CAN list them, which is a security issue
to us.

He does not have Full Control on the H:, and I have disabled caching on
the share as recommended already.

Any assistance appreciated.


.

Relevant Pages

  • Re: File Sharing (again - sorry, Pd)
    ... InTerminal, type umask. ... Back in the good old days, Mac OS X user accounts ... The reason that the file permissions are "resetting" each time the ... that folder inherit the ACLs from the folder. ...
    (uk.comp.sys.mac)
  • Re: is it necessary for new users to be local admins?
    ... HOW TO Create and Configure User Accounts in Windows XP ... HOW TO Set, View, Change, or Remove File and Folder Permissions ... limited accounts, you can fix it to allow limited users to access the ...
    (microsoft.public.windowsxp.configuration_manage)
  • Re: Limited users and Internet access
    ... It's not sharing, it's permissions. ... Set, View, Change, or Remove File and Folder Permissions in Windows ... The problem lies in how they've written their supporting software. ... >>> Administrative accounts! ...
    (microsoft.public.windowsxp.general)
  • Re: Now no access to two folders
    ... access to two of the user accounts on the laptop. ... My (admin) My Documents ... I've shared the My Documents folder in these two ... You can try playing with permissions, ...
    (microsoft.public.windowsxp.network_web)
  • Re: WebDAV security on IIS problems
    ... folder to two accounts - one with read access and the other with full. ... This Virtual Directory point to a a share on FILE1. ... Directory Browsing, Read, Write and Excute permissions on the folder. ...
    (microsoft.public.inetserver.iis.security)