
  • Permissions

    Greetings,
    I have a Windows 2003 server that acts as a file server for my network. I am running Active Directory on the network.

    I have created several groups of users in the Active Directory. For example, I have a group called staff that all users are members of. I have a group called engineering, management, sales, etc.

    When I set permissions on files/folders on the file server, if I give read only access to staff, but give management Full access, there won't be a problem, will there?
    Since userA is in staff and management?

    thanks for any guidance,
    -Darryl

  • #2
    Re: Permissions

    No, it should be fine. If you give a user 2 sets of allow permissions then the "best" will take precedence. It is only when you start using deny permissions that you will see issues.
    cheers
    Andy

    Quis custodiet ipsos custodes?


    • #3
      Re: Permissions

      Also, check out the Effective Permissions for a restricted user by accessing a restricted file, then bringing up the security properties > Advanced > Effective Permissions to see what permissions a particular user will have.
      A recent poll suggests that 6 out of 7 dwarfs are not happy


      • #4
        Re: Permissions

        If my knowledge is correct, combined NTFS permissions allow the user the least restrictive right. Therefore, your User A will have Full. As users are connecting to shares, the combined permissions of the shares and NTFS will determine the level of access, e.g. if a share has a read permission for the Management Group and NTFS as Full, all members of the management group would have read permission when connecting to the file server from the network.

        I wouldn't give anyone, except your administrators, Full Access though. General practice is to grant the 'Everyone' Group 'Full control' on the share's permission and lock down a User's rights on the files and folders with NTFS. Grant Modify permission to Management etc. Granting Full will also allow users to change the permissions on the folders and files. More permission than they need.
        Last edited by Virtual; 19th August 2008, 22:38.


        • #5
          Re: Permissions

          What Virtual says is correct; HOWEVER - any group which the user is a member of which has a DENY permission will take precedence over the rest.

          So - if a user gets full control through one group, read through another group, and DENY DELETE from another, he will have Full Control except he won't be able to delete.


          Tom
          For my own and your protection, I do not provide support by private message under any circumstances. All such messages will be deleted and ignored.

          Anything you say will be misquoted and used against you


          • #6
            Re: Permissions

            As long as all groups are equal Deny will take precedence. If the Deny permission is inherited it can be overruled by an Allow.


            • #7
              Re: Permissions

              Originally posted by Meekrobe:
              As long as all groups are equal Deny will take precedence. If the Deny permission is inherited it can be overruled by an Allow.
              Isn't that what I just said - barring the bit about inherited denies?


              Tom


              • #8
                Re: Permissions

                Here's a good summary of permissions:

                http://en.wikibooks.org/wiki/Microso...ns_Inheritance


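The evaluation rules discussed in the replies above, as an added Python example (not code from any poster, and a simplified model rather than the Windows implementation): ACEs are sorted into canonical order (explicit deny, explicit allow, inherited deny, inherited allow), the first matching ACE settles each right, and access through a share is the intersection of the share and NTFS results. The bit values, the `contractors` group and all ACLs are constructed for illustration, and inherited ACEs from different ancestors are not distinguished.

```python
from dataclasses import dataclass

# Simplified rights as bit flags (constructed; not the real Windows access-mask values).
READ, WRITE, DELETE, CHANGE_PERMS = 1, 2, 4, 8
MODIFY = READ | WRITE | DELETE
FULL = MODIFY | CHANGE_PERMS

@dataclass(frozen=True)
class Ace:
    group: str
    allow: bool
    mask: int
    inherited: bool = False

def canonical(acl):
    # Canonical order: explicit deny, explicit allow, inherited deny, inherited allow.
    return sorted(acl, key=lambda a: (a.inherited, a.allow))

def ntfs_access(acl, groups, wanted=FULL):
    """Return the bits of `wanted` that the ACL grants to a user in `groups`."""
    granted = denied = 0
    for ace in canonical(acl):
        if ace.group not in groups:
            continue
        # The first matching ACE in canonical order settles each bit.
        undecided = ace.mask & wanted & ~(granted | denied)
        if ace.allow:
            granted |= undecided
        else:
            denied |= undecided
    return granted

def network_access(share_acl, ntfs_acl, groups):
    # Through a share, a right must be granted by both the share ACL and the NTFS ACL.
    return ntfs_access(share_acl, groups) & ntfs_access(ntfs_acl, groups)

# Constructed ACLs mirroring the cases in the thread.
USER_A = {"staff", "management"}
FOLDER = [Ace("staff", True, READ), Ace("management", True, FULL)]
WITH_DENY = FOLDER + [Ace("contractors", False, DELETE)]  # hypothetical third group
INHERITED_DENY = [Ace("staff", False, WRITE, inherited=True),
                  Ace("management", True, MODIFY)]
SHARE_READ = [Ace("management", True, READ)]

if __name__ == "__main__":
    print(ntfs_access(FOLDER, USER_A) == FULL)                  # allows accumulate
    print(ntfs_access(WITH_DENY, USER_A | {"contractors"}) == (FULL & ~DELETE))
    print(ntfs_access(INHERITED_DENY, USER_A) == MODIFY)        # explicit allow is read first
    print(network_access(SHARE_READ, FOLDER, USER_A) == READ)   # share caps NTFS
```

On a real server, the Effective Permissions tab mentioned in reply #3 remains the authoritative check for the NTFS side; it does not factor in share permissions.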