Re: permissions clash
- From: "Dave Nickason [SBS MVP]" <gwdibble@xxxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 3 Aug 2006 17:14:47 -0400
Off the top of my head, I can't think of anything WS03-related that can't be
used on SBS. You can download and install the access based enumeration
stuff, the resource kit, etc. In fact, I use the WS03 admin tools on my XP
box to manage the server remotely from my desk, and I use the support tools
on the server itself.
I don't find as much use for some of the tools as I might in a larger
network - I seem to have installed "Cluster Administrator" and "Network Load
Balancing Manager" on my desktop - but whatever you see a benefit from
should work fine.
"Jerome" <foo@xxxxxxx> wrote in message
news:OsYmjRztGHA.4968@xxxxxxxxxxxxxxxxxxxxxxx
Dave Nickason [SBS MVP] wrote:
"Deny" trumps "Allow" in NTFS permissions. Because the members of the
security group are also included in Users, a Deny applied to the Users
group overrides any higher access level set elsewhere for those users.
Here's what I would do: Just set the permissions you want for the
appropriate users or security group, and don't worry about the other
users, except to look in Advanced to make sure they are not inheriting
permissions from somewhere else. Test to make sure they don't have access
accidentally when you're all finished.
If you don't want them to be able to see the folders' contents, check out
a cool thing that came in WS03 SP1 called access-based enumeration. It
keeps users from seeing resources they don't have permission to access.
http://www.microsoft.com/windowsserver2003/techinfo/overview/abe.mspx
Thanks Dave!
We are using 2003 SBS SP1 here and there doesn't appear to be any
Access-Based Enumeration. Is this a WS03-only tool? I see I can download
it but is it safe to install on SBS 2003? Can I use the WS03 Resource Kit
Tools too?
"Jerome" <foo@xxxxxxx> wrote in message
news:OcFeKKntGHA.2224@xxxxxxxxxxxxxxxxxxxxxxx
I have a share called "Admin", and a group called "Admin". I wish to
have only people in the "Admin" group see and operate on this share, and
all other Users denied. However, when I check the Effective Permissions
for a user in the Admin group it appears that the Deny rights of the User
group override the Full Control rights of the Admin group.
How should I do this properly?
I am using the "Admin" name to refer to the company (not server)
designation - only the company owner and his assistant should have
access to the share, and no one else should be able to read files in it.
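
Added example, not part of the original thread: a simplified Python model of how an NTFS DACL is evaluated, run against the clash described in the question, the allow-only setup suggested in the reply, and an inherited entry of the kind the reply says to look for in Advanced. The two-bit masks, the constructed group tokens and all function names are illustrative assumptions, not Windows APIs.

```python
from dataclasses import dataclass

READ, WRITE = 0x1, 0x2
FULL = READ | WRITE  # simplified stand-in for Full Control

@dataclass(frozen=True)
class Ace:
    kind: str            # "deny" or "allow"
    trustee: str         # group name the entry applies to
    mask: int            # rights covered by the entry
    inherited: bool = False

def canonical(dacl):
    # Canonical order: explicit before inherited, deny before allow in each.
    return sorted(dacl, key=lambda a: (a.inherited, a.kind != "deny"))

def access_check(dacl, token_groups, desired):
    # Walk entries in order; a matching deny on a still-needed right ends it.
    remaining = desired
    for ace in canonical(dacl):
        if ace.trustee not in token_groups:
            continue
        if ace.kind == "deny" and ace.mask & remaining:
            return False
        if ace.kind == "allow":
            remaining &= ~ace.mask
            if remaining == 0:
                return True
    return False  # nothing granted every requested right: implicit deny

# Constructed tokens: the owner is a member of both groups, as in the thread.
TOKENS = {"owner": {"Admin", "Users"}, "staff": {"Users"}}

SETUPS = {
    # Question: Full Control for Admin plus a Deny on Users.
    "clashing": [Ace("allow", "Admin", FULL), Ace("deny", "Users", FULL)],
    # Reply: grant only the Admin group and add no Deny entry.
    "allow_only": [Ace("allow", "Admin", FULL)],
    # What to look for in Advanced: an inherited grant to Users.
    "inherited_leak": [Ace("allow", "Admin", FULL),
                       Ace("allow", "Users", READ, inherited=True)],
}

def report():
    # Read access for every (setup, person) pair.
    return {(name, who): access_check(dacl, groups, READ)
            for name, dacl in SETUPS.items()
            for who, groups in TOKENS.items()}

if __name__ == "__main__":
    for (name, who), ok in report().items():
        print(f"{name:15} {who:6} read={'allowed' if ok else 'denied'}")
```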