Understanding permissions

Discussion in 'MCDST' started by datarunner, Feb 3, 2009.

  1. datarunner

    datarunner Byte Poster

    245
    1
    24
    Feb 3, 2009 #1
    Remove Advertisement - Premium Membership
    hi all

    dunno how many times i have covered share and ntfs permissions but i keep forgetting the rules. so here is my understanding and please correct if im wrong.

    a shared folder - combine share and ntfs and the most restrictive wins

    ntfs permissions from one group and ntfs permissions from another group are culmlative - less restrictive permission is given.

    i hope my understanding is correct and if not then please advise

    regards
     
    Certifications: A+, N+, MCP 210, 270, HNC Networking
    WIP: MCSA
  2. dalsoth

    dalsoth Kilobyte Poster

    325
    14
    54
    Feb 3, 2009 #2
    Remove Advertisement - Premium Membership
    Think you are right there. Also remember that if you are unsure, you can check the effective permissions tab. Try it on a few folders in a lab and test what happens.
     
    Certifications: MCSE, MCP, MCDST, MCSA, ITIL v3
    WIP: MCITP EA
  3. craigie

    craigie Terabyte Poster

    3,020
    174
    155
    Feb 3, 2009 #3
    The way I always remember it is as follows:

    Look at the Shared Permissions and NTFS Permissions seperatley. Escalate them both to the highest permission e.g. Shared Write and NTFS Read. Then combine them and the most restrictive of the two wins, so in this case NTFS Read.
     
    Certifications: CCA | CCENT | CCNA | CCNA:S | HP APC | HP ASE | ITILv3 | MCP | MCDST | MCITP: EA | MCTS:Vista | MCTS:Exch '07 | MCSA 2003 | MCSA:M 2003 | MCSA 2008 | MCSE | VCP5-DT | VCP4-DCV | VCP5-DCV | VCAP5-DCA | VCAP5-DCD | VMTSP | VTSP 4 | VTSP 5
  4. Evilwheato

    Evilwheato Kilobyte Poster

    414
    4
    20
    Feb 3, 2009 #4
    *Stupid Internet*
    I was posting here and it kicked me off! Yes, what you are saying is correct- I've only recently read a N+ chapter about it, and thats my understanding of sharing and permissions.
     
  5. BosonMichael
    Honorary Member Highly Decorated Member Award 500 Likes Award

    BosonMichael Yottabyte Poster

    19,183
    500
    414
    Feb 3, 2009 #5
    The only exception to this when calculating the "highest permission" is Deny... a Deny always trumps an Allow.
     
    Certifications: CISSP, MCSE+I, MCSE: Security, MCSE: Messaging, MCDST, MCDBA, MCTS, OCP, CCNP, CCDP, CCNA Security, CCNA Voice, CNE, SCSA, Security+, Linux+, Server+, Network+, A+
    WIP: Just about everything!
  6. dalsoth

    dalsoth Kilobyte Poster

    325
    14
    54
    Feb 3, 2009 #6
    If someone asks permission to use the escalator and then is denied what would be the outcome there? Would they escalate the problem or go with the most restrictive response? :twisted::p

    Ignore me i'm feeling stupid... it happens, a lot.
     
    Certifications: MCSE, MCP, MCDST, MCSA, ITIL v3
    WIP: MCITP EA
  7. craigie

    craigie Terabyte Poster

    3,020
    174
    155
    Feb 4, 2009 #7
    Except if it an explicit Allow, which over rides an inherited Deny.
     
    Certifications: CCA | CCENT | CCNA | CCNA:S | HP APC | HP ASE | ITILv3 | MCP | MCDST | MCITP: EA | MCTS:Vista | MCTS:Exch '07 | MCSA 2003 | MCSA:M 2003 | MCSA 2008 | MCSE | VCP5-DT | VCP4-DCV | VCP5-DCV | VCAP5-DCA | VCAP5-DCD | VMTSP | VTSP 4 | VTSP 5
  8. GiddyG

    GiddyG Terabyte Poster Gold Member

    2,471
    42
    140
    Feb 4, 2009 #8
    True, but this is getting reeaallll deep now. :D
     

Share This Page

Loading...
Remove Advertisement - Premium Membership
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...