simpleton needs help with ntfs permissions

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

This didn't make much sense to me...

If the drive is not NTFS then NTFS permissions are not available, so you would set share permissions right? I think that's what Bluerinse was meaning as an answer to Tinus.

 

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

Correct. I didn't think of that one

 

The drive might not be NTFS (Thank you Bluerinse). There is your hole. And you might accidentally have granted to much rights due to group membership.

I can. I'm a born comedian

 

No, the drive not being NTFS slipped my mind. Being to busy then to prepare for my 70-646 I took yesterday.

 

Okay, fine... use share permissions on those computers. But what doofus would use FAT on a server?!?

 

There maybe some out there

 

*waves*

I kid, I kid

 

I might have missed that, but there was no mention of a server in the original question. I think the discussion wandered of a bit. What about the second reason I gave?

 

What second reason? Group membership? Easy - simply deny the NTFS permissions for the individual... not the share permissions.

 

That is an option, but stil does not convinse me to set share permissions to full control. Call me stubborn.

 

If you insist... "stubborn".

Hey, make sure to post your reply twice... just to make sure that people see it... you know, you wouldn't want them to miss anything (even though it's already posted once), so you really ought to take the extra effort...

 

I'm not sure what you mean with this answer. Did I double post something? I apologize for that but I don't see a double post.

 

Hes implying that by setting both share and ntfs permissions, you are doubling your effort. If you double your effort there, why not with everything else.

 

OK, so if I get this correct Michael is also not in favour of two firewalls, one on each side of the DMZ? Why bother?
Off course, that is a complete different subject.

 

But there IS a valid reason to have a second firewall when you've got a DMZ. There is NOT a reason to have a second firewall if you DON'T have a DMZ. That's the point: share permissions don't give you additional security over and above what NTFS gives you. If it gave you something extra that NTFS didn't provide, I'd be in favor of taking the extra effort in calculating effective permissions and all that hassle... but it doesn't.

 

There is a reason to use limitations in share permissions. I told this before and tell it again. There is a program out on the internet with which you can increase your NTFS permissions to full control even if you have no access for starters. What you need for this program to function is full control on the share.
I have seen this program work during my course CEH on server 2003.
I am not sure if this hole in security is mended now, but better be safe than sorry.

 

link?

 

I would have send the link the first time if I could only remember what tool he (the trainer) used.