ACL Issue
- From: Massimo <Massimo@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 10 Apr 2009 06:00:01 -0700
Hi to all and sorry for my english.
This is my test environment
Windows 2003 SBS
Windows Xp Pro workstation joined in domain
User1 and User2
In WIndows 2003 SBS i share a folder named "test"
In share permission i set
User1 full control
User2 full control
In permission i set
Administrators - full control - This folder, subfolders and files
SYSTEM - full control - This folder, subfolders and files
User1 and User2 - read only - This folder only
Inside this dir i make a new subfolder named "one"
In permission i have (inherited)
Administrators and SYSTEM - full control
and i add
User1 - full control EXCLUDED Change Permissions, Take Ownership - This
folder, subfolders and files
User1 - Deny Delete - This folder only
User2 - Read only - This folder, subfolders and files
whit this my goal is reached in Windows Xp workstation
User1 can work inside folder "one" but can't delete it
User2 can only read inside this folder
My problem
User1 make word (for instance) file.
Right click on it and change permission!
He can set User2 Full control for this file and allow user2 to modify or
delete the file!!!
Where is my mistake?
How i can avoid the possibility to change ACL of all files? (also whit
command line utility)
I need GPO support?
I hope to be clear.
Thanks in advanced
Regards
.
- Follow-Ups:
- Re: ACL Issue
- From: Larry Struckmeyer [SBS-MVP]
- Re: ACL Issue
- Prev by Date: Re: 2008 SBS no longer boots
- Next by Date: Re: Replace LAN NIC on SBS 2003 R2
- Previous by thread: SBS 2008 - Clients logon problem
- Next by thread: Re: ACL Issue
- Index(es):
Relevant Pages
|
