No announcement yet.

ACL issue

  • Filter
  • Time
  • Show
Clear All
new posts

  • ACL issue

    Hi to all and sorry for my english.

    This is my test environment
    Windows 2003 SBS
    Windows Xp Pro workstation joined in domain
    User1 and User2

    In WIndows 2003 SBS i share a folder named "test"
    In share permission i set
    User1 full control
    User2 full control

    In permission i set
    Administrators - full control - This folder, subfolders and files
    SYSTEM - full control - This folder, subfolders and files
    User1 and User2 - read only - This folder only

    Inside this dir i make a new subfolder named "one"
    In permission i have (inherited)
    Administrators and SYSTEM - full control

    and i add
    User1 - full control EXCLUDED Change Permissions, Take Ownership - This folder, subfolders and files
    User1 - Deny Delete - This folder only
    User2 - Read only - This folder, subfolders and files

    whit this my goal is reached in Windows Xp workstation
    User1 can work inside folder "one" but can't delete it
    User2 can only read inside this folder

    My problem
    User1 make word (for instance) file.
    Right click on it and change permission!
    He can set User2 Full control for this file and allow user2 to modify or delete the file!!!

    Where is my mistake?
    How i can avoid the possibility to change ACL of all files? (also whit command line utility)
    I need GPO support?

    I hope to be clear.
    Thanks in advanced