Re: Need help with Shared drives and permissions
- From: BrianG <decc@xxxxxxxxxxx>
- Date: 31 May 2007 12:29:21 -0700
On May 31, 12:48 pm, "AllenM" <B...@xxxxxxxxxxxxxxx> wrote:
Incorrect Brian. I think you are misunderstanding how "inheritance" works
and can be applied. If you check a sub folder and see that it is inheriting
permissions from the parent folder yet on that sub folder you see a group
that wasn't listed in the parent folder that is ok. I can have a sub folder
that inherits permissions from a parent folder and add a user or group. This
user or group will not show in the parent folder because it is not listed.
Now from this sub folder I can add a user or a group to lower sub folder
turn off inheritance and they will not show in the parent folder or the
first sub folder. Maybe I'm misunderstanding you but from what I read in
your last post I believe I explained what you are seeing.
C:\ Administrators - FULL, SYSTEM - FULL, Backup Operators - FULL,
Everyone - Special (Usually have Traverse and Read) These groups should be
inherited to all Child Objects.
Sub Level 1 Folder: Administrators - FULL, SYSTEM - FULL, Backup
Operators - FULL, Everyone - Special (Usually have Traverse and Read) <---
inherited from Parent Folder (C:)
Now from here I add DOMAIN/Test UsersAA- Modify. All permissions are
still inherited to all Child Objects
Sub Level II Folder: Administrators - FULL, SYSTEM - FULL,
Backup Operators - FULL, Everyone - Special (Usually have Traverse and
Read), <--- inherited from Parent Folder (C:), DOMAIN/Test UsersAA- Modify
<---- inherited from Sub Level I folder.
Now at this level let's say I do not want the DOMAIN/Test Users
AA to have access to this Sub Level II folder yet I need to have DOMAIN/TEST
UsersBB to have modify access here. I turn off inheritance. Copy the
inheritant permissions. Remove the DOMAIN/Test UsersAA group and
Everyone - Special (Usually have Traverse and Read), <--- inherited from
Parent Folder (C:) and add the DOMAIN/TEST UsersBB. I turn on inheritance to
all "child objects".
So now from this point on down permissions look like
Administrators - FULL, SYSTEM - FULL, Backup Operators - FULL,
DOMAIN/Test UsersBB- Modify
"BrianG" <d...@xxxxxxxxxxx> wrote in message
news:1180619826.337726.205710@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
On May 30, 3:48 pm, "AllenM" <B...@xxxxxxxxxxxxxxx> wrote:
You can find the source of the inheritance from checking the NTFS
permissions on the folder. If the option to change the permissions are
greyed out then that folder is inheriting. By default all folders
inherit.
You need to decide at what level you need to turn off inheritance. Note:
You
should copy all inheritance before turning it off because most folders do
need to inherit from the root.
"BrianG" <d...@xxxxxxxxxxx> wrote in message
news:1180548515.342192.146160@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
I can't find the source of some inherited permissions to folders
located in D:. I thought maybe it was from the sharing of D: but
further digging shows that not to be the case. Is there a utility
that can print out or show in graphical terms all groups and each
groups members?
BrianG
Yeh, I can see the inherited permissions to the folder when I check
the advanced permissions of some of my users but the permissions
aren't granted at the parent folder (also the root). This means that
some of my user must be members of a group who have the permissions
but I've checked membership of all groups who I have granted
permissions to the folder and these users are not members. Again,
some sort of utility that would print or show in a graphical way all
groups and their corresponding members would be invaluable.
BrianG
AllenM-Thanks so much for the help and the detailed explanation on
inherited permissions.
What I'm seeing is all of my domain users having the following
effective permission on D: (root)
Traverse folder/Execute file
List folder/Read data
Read attributes
Read extended attributes
Read permissions
Since I can't find where these permission are granted can I then
assume correctly that these permissions are granted by default on an
administrative share? I just can't imagine MS assumes we want these
permissions inherited by all Sub Level folders by default.
If the above is indeed true, then to disable these inherited
permission at each Sub Level 1 folder I simply need to uncheck the
"Allow inheritable permissions..." option for each folder. Correct?
If the default permission assumption is not true then I still need to
figure out why my users have those permissions granted at D:
BrianG
.
- Follow-Ups:
- Re: Need help with Shared drives and permissions
- From: AllenM
- Re: Need help with Shared drives and permissions
- References:
- Need help with Shared drives and permissions
- From: BrianG
- Re: Need help with Shared drives and permissions
- From: AllenM
- Re: Need help with Shared drives and permissions
- From: BrianG
- Re: Need help with Shared drives and permissions
- From: AllenM
- Re: Need help with Shared drives and permissions
- From: BrianG
- Re: Need help with Shared drives and permissions
- From: AllenM
- Need help with Shared drives and permissions
- Prev by Date: Random bugchecks 0x0000000a
- Next by Date: Re: SCW Error when applying security template
- Previous by thread: Re: Need help with Shared drives and permissions
- Next by thread: Re: Need help with Shared drives and permissions
- Index(es):
Relevant Pages
|
