Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computer Certification > MCSA > Question regarding permission in xp (MCSA)

Reply
Thread Tools

Question regarding permission in xp (MCSA)

 
 
funnysun
Guest
Posts: n/a
 
      04-11-2007
create a folder named TEST on c:\TEST, share it as TESTSHARE

when you place permission this folder in NTFS, for same user opening
this folder from network which one is effective permission?
( permission placed on c:\TEST or permission placed on TESTSHARE). As
of my testing, permission on TESTSHARE overwrites the other one, but i
found it otherwise when I took sample test questions.

Could anyone please advise?

Thanks a lot

 
Reply With Quote
 
 
 
 
catwalker63
Guest
Posts: n/a
 
      04-11-2007
funnysun piffled away vaguely:

> create a folder named TEST on c:\TEST, share it as TESTSHARE
>
> when you place permission this folder in NTFS, for same user opening
> this folder from network which one is effective permission?
> ( permission placed on c:\TEST or permission placed on TESTSHARE). As
> of my testing, permission on TESTSHARE overwrites the other one, but i
> found it otherwise when I took sample test questions.
>


One way to figure out permissions is to make two columns and label one
NTFS and the other Share. Put the appropriate permissions for the user
and each group they belong to in the appropriate column. For NTFS, the
effective permission is the LEAST restrictive of all for the user and
all of the groups unless there is an explicit deny, so write that down
at the bottom of the column. Same for Share permissions. Now, look at
the permissions at the bottom of each column and compare them. The
effective permissions over the network are the MOST restrictive
permissions between Share and NTFS.

When you go to use this in the real world, setup the share as open to
all Authenticated Users for the Share permissions and then set your
actual restrictions with NTFS. NTFS permissions affect the user whether
they log in locally or access files over the network. Share permissions
will only affect a user accessing a share. NTFS permissions are also
more granular, giving you more control and, potentially, really
confusing you.
--

Catwalker
MCNGP #43
www.mcngp.com
"I have a gun. It's loaded. Shut up."

 
Reply With Quote
 
 
 
 
funnysun
Guest
Posts: n/a
 
      04-11-2007
On Apr 11, 3:54 am, catwalker63 <(E-Mail Removed)> wrote:
> funnysun piffled away vaguely:
>
> > create a folder named TEST on c:\TEST, share it as TESTSHARE

>
> > when you place permission this folder in NTFS, for same user opening
> > this folder from network which one is effective permission?
> > ( permission placed on c:\TEST or permission placed on TESTSHARE). As
> > of my testing, permission on TESTSHARE overwrites the other one, but i
> > found it otherwise when I took sample test questions.

>
> One way to figure out permissions is to make two columns and label one
> NTFS and the other Share. Put the appropriate permissions for the user
> and each group they belong to in the appropriate column. For NTFS, the
> effective permission is the LEAST restrictive of all for the user and
> all of the groups unless there is an explicit deny, so write that down
> at the bottom of the column. Same for Share permissions. Now, look at
> the permissions at the bottom of each column and compare them. The
> effective permissions over the network are the MOST restrictive
> permissions between Share and NTFS.
>
> When you go to use this in the real world, setup the share as open to
> all Authenticated Users for the Share permissions and then set your
> actual restrictions with NTFS. NTFS permissions affect the user whether
> they log in locally or access files over the network. Share permissions
> will only affect a user accessing a share. NTFS permissions are also
> more granular, giving you more control and, potentially, really
> confusing you.
> --
>
> Catwalker
> MCNGP #43www.mcngp.com
> "I have a gun. It's loaded. Shut up."


Thank you for ur reply, Im still little confused. By giving example
blow, would you mind telling me what is the permission on share?
eg.
User: A1
Group: USERS
NTFS <----> SHARE
Allow -Modify Allow-Read

effective permission is Allow-Read for A1 to access SHARE folder over
network?



 
Reply With Quote
 
funnysun
Guest
Posts: n/a
 
      04-11-2007
On Apr 11, 12:32 pm, "funnysun" <(E-Mail Removed)> wrote:
> On Apr 11, 3:54 am, catwalker63 <(E-Mail Removed)> wrote:
>
>
>
>
>
> > funnysun piffled away vaguely:

>
> > > create a folder named TEST on c:\TEST, share it as TESTSHARE

>
> > > when you place permission this folder in NTFS, for same user opening
> > > this folder from network which one is effective permission?
> > > ( permission placed on c:\TEST or permission placed on TESTSHARE). As
> > > of my testing, permission on TESTSHARE overwrites the other one, but i
> > > found it otherwise when I took sample test questions.

>
> > One way to figure out permissions is to make two columns and label one
> > NTFS and the other Share. Put the appropriate permissions for the user
> > and each group they belong to in the appropriate column. For NTFS, the
> > effective permission is the LEAST restrictive of all for the user and
> > all of the groups unless there is an explicit deny, so write that down
> > at the bottom of the column. Same for Share permissions. Now, look at
> > the permissions at the bottom of each column and compare them. The
> > effective permissions over the network are the MOST restrictive
> > permissions between Share and NTFS.

>
> > When you go to use this in the real world, setup the share as open to
> > all Authenticated Users for the Share permissions and then set your
> > actual restrictions with NTFS. NTFS permissions affect the user whether
> > they log in locally or access files over the network. Share permissions
> > will only affect a user accessing a share. NTFS permissions are also
> > more granular, giving you more control and, potentially, really
> > confusing you.
> > --

>
> > Catwalker
> > MCNGP #43www.mcngp.com
> > "I have a gun. It's loaded. Shut up."

>
> Thank you for ur reply, Im still little confused. By giving example
> blow, would you mind telling me what is the permission on share?
> eg.
> User: A1
> Group: USERS
> NTFS <----> SHARE
> Allow -Modify Allow-Read
>
> effective permission is Allow-Read for A1 to access SHARE folder over
> network?- Hide quoted text -
>
> - Show quoted text -


and what about this

User: A1
Group: USERS
NTFS <----> SHARE
Allow -Read Allow-Modify

 
Reply With Quote
 
Blackmetal
Guest
Posts: n/a
 
      04-11-2007
when the combination of Share and NTFS exist, the effective permission is
the most restrictive.

let's say you have an Access database in a hosting folder for a website in
your server.

Your folder, may have Read in order that the content can be reached by the
pages, but the Access mdb, must have modify/read permissions in order the
users have enough permissions to add records through the pages in the
website.

but the users will not be able to modify the folder content AKA create
folders, remove folders, create new files because its share permission is
Read

Hope this helps.

"funnysun" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) ups.com...
> On Apr 11, 12:32 pm, "funnysun" <(E-Mail Removed)> wrote:
>> On Apr 11, 3:54 am, catwalker63 <(E-Mail Removed)> wrote:
>>
>>
>>
>>
>>
>> > funnysun piffled away vaguely:

>>
>> > > create a folder named TEST on c:\TEST, share it as TESTSHARE

>>
>> > > when you place permission this folder in NTFS, for same user opening
>> > > this folder from network which one is effective permission?
>> > > ( permission placed on c:\TEST or permission placed on TESTSHARE).
>> > > As
>> > > of my testing, permission on TESTSHARE overwrites the other one, but
>> > > i
>> > > found it otherwise when I took sample test questions.

>>
>> > One way to figure out permissions is to make two columns and label one
>> > NTFS and the other Share. Put the appropriate permissions for the user
>> > and each group they belong to in the appropriate column. For NTFS, the
>> > effective permission is the LEAST restrictive of all for the user and
>> > all of the groups unless there is an explicit deny, so write that down
>> > at the bottom of the column. Same for Share permissions. Now, look at
>> > the permissions at the bottom of each column and compare them. The
>> > effective permissions over the network are the MOST restrictive
>> > permissions between Share and NTFS.

>>
>> > When you go to use this in the real world, setup the share as open to
>> > all Authenticated Users for the Share permissions and then set your
>> > actual restrictions with NTFS. NTFS permissions affect the user
>> > whether
>> > they log in locally or access files over the network. Share
>> > permissions
>> > will only affect a user accessing a share. NTFS permissions are also
>> > more granular, giving you more control and, potentially, really
>> > confusing you.
>> > --

>>
>> > Catwalker
>> > MCNGP #43www.mcngp.com
>> > "I have a gun. It's loaded. Shut up."

>>
>> Thank you for ur reply, Im still little confused. By giving example
>> blow, would you mind telling me what is the permission on share?
>> eg.
>> User: A1
>> Group: USERS
>> NTFS <----> SHARE
>> Allow -Modify Allow-Read
>>
>> effective permission is Allow-Read for A1 to access SHARE folder over
>> network?- Hide quoted text -
>>
>> - Show quoted text -

>
> and what about this
>
> User: A1
> Group: USERS
> NTFS <----> SHARE
> Allow -Read Allow-Modify
>



 
Reply With Quote
 
funnysun
Guest
Posts: n/a
 
      04-11-2007
On Apr 11, 12:34 pm, "funnysun" <(E-Mail Removed)> wrote:
> On Apr 11, 12:32 pm, "funnysun" <(E-Mail Removed)> wrote:
>
>
>
>
>
> > On Apr 11, 3:54 am, catwalker63 <(E-Mail Removed)> wrote:

>
> > > funnysun piffled away vaguely:

>
> > > > create a folder named TEST on c:\TEST, share it as TESTSHARE

>
> > > > when you place permission this folder in NTFS, for same user opening
> > > > this folder from network which one is effective permission?
> > > > ( permission placed on c:\TEST or permission placed on TESTSHARE). As
> > > > of my testing, permission on TESTSHARE overwrites the other one, but i
> > > > found it otherwise when I took sample test questions.

>
> > > One way to figure out permissions is to make two columns and label one
> > > NTFS and the other Share. Put the appropriate permissions for the user
> > > and each group they belong to in the appropriate column. For NTFS, the
> > > effective permission is the LEAST restrictive of all for the user and
> > > all of the groups unless there is an explicit deny, so write that down
> > > at the bottom of the column. Same for Share permissions. Now, look at
> > > the permissions at the bottom of each column and compare them. The
> > > effective permissions over the network are the MOST restrictive
> > > permissions between Share and NTFS.

>
> > > When you go to use this in the real world, setup the share as open to
> > > all Authenticated Users for the Share permissions and then set your
> > > actual restrictions with NTFS. NTFS permissions affect the user whether
> > > they log in locally or access files over the network. Share permissions
> > > will only affect a user accessing a share. NTFS permissions are also
> > > more granular, giving you more control and, potentially, really
> > > confusing you.
> > > --

>
> > > Catwalker
> > > MCNGP #43www.mcngp.com
> > > "I have a gun. It's loaded. Shut up."

>
> > Thank you for ur reply, Im still little confused. By giving example
> > blow, would you mind telling me what is the permission on share?
> > eg.
> > User: A1
> > Group: USERS
> > NTFS <----> SHARE
> > Allow -Modify Allow-Read

>
> > effective permission is Allow-Read for A1 to access SHARE folder over
> > network?- Hide quoted text -

>
> > - Show quoted text -

>
> and what about this
>
> User: A1
> Group: USERS
> NTFS <----> SHARE
> Allow -Read Allow-Modify- Hide quoted text -
>
> - Show quoted text -


According to my lab test, the following permission will grant user A1
read only over network
User: A1
Group: USERS
NTFS <----> SHARE
Allow -Modify Allow-Read

and following will grand modify permission to user A1 over network
User: A1
Group: USERS
NTFS <----> SHARE
Allow -Read Allow-Modify

This is different from what you said "MOST restrictive
permissions between Share and NTFS. " Why is that???

 
Reply With Quote
 
Blackmetal
Guest
Posts: n/a
 
      04-11-2007
Ok, in the previous case (talking a typical hosting folder) the folder
already has the most restrictive (Read) with the difference that the .

Now, in this new sample, the most restrictive permission applies again, so
the effective permission is still Read.

and that's why SHARE pemissions are not enough to secure a network. and here
goes again:

in a web environment, the InetPub folder must have Read permissions in order
to the web pages be read by the users, but for the authoring users (let's
say programmers, designers, etc) they must be in a group wich allows them to
modify the content.

hope this helps again.


 
Reply With Quote
 
funnysun
Guest
Posts: n/a
 
      04-11-2007
On Apr 11, 12:46 pm, "Blackmetal" <(E-Mail Removed)>
wrote:
> when the combination of Share and NTFS exist, the effective permission is
> the most restrictive.
>
> let's say you have an Access database in a hosting folder for a website in
> your server.
>
> Your folder, may have Read in order that the content can be reached by the
> pages, but the Access mdb, must have modify/read permissions in order the
> users have enough permissions to add records through the pages in the
> website.
>
> but the users will not be able to modify the folder content AKA create
> folders, remove folders, create new files because its share permission is
> Read
>
> Hope this helps.
>
> "funnysun" <(E-Mail Removed)> wrote in message
>
> news:(E-Mail Removed) ups.com...
>
>
>
> > On Apr 11, 12:32 pm, "funnysun" <(E-Mail Removed)> wrote:
> >> On Apr 11, 3:54 am, catwalker63 <(E-Mail Removed)> wrote:

>
> >> > funnysun piffled away vaguely:

>
> >> > > create a folder named TEST on c:\TEST, share it as TESTSHARE

>
> >> > > when you place permission this folder in NTFS, for same user opening
> >> > > this folder from network which one is effective permission?
> >> > > ( permission placed on c:\TEST or permission placed on TESTSHARE).
> >> > > As
> >> > > of my testing, permission on TESTSHARE overwrites the other one, but
> >> > > i
> >> > > found it otherwise when I took sample test questions.

>
> >> > One way to figure out permissions is to make two columns and label one
> >> > NTFS and the other Share. Put the appropriate permissions for the user
> >> > and each group they belong to in the appropriate column. For NTFS, the
> >> > effective permission is the LEAST restrictive of all for the user and
> >> > all of the groups unless there is an explicit deny, so write that down
> >> > at the bottom of the column. Same for Share permissions. Now, look at
> >> > the permissions at the bottom of each column and compare them. The
> >> > effective permissions over the network are the MOST restrictive
> >> > permissions between Share and NTFS.

>
> >> > When you go to use this in the real world, setup the share as open to
> >> > all Authenticated Users for the Share permissions and then set your
> >> > actual restrictions with NTFS. NTFS permissions affect the user
> >> > whether
> >> > they log in locally or access files over the network. Share
> >> > permissions
> >> > will only affect a user accessing a share. NTFS permissions are also
> >> > more granular, giving you more control and, potentially, really
> >> > confusing you.
> >> > --

>
> >> > Catwalker
> >> > MCNGP #43www.mcngp.com
> >> > "I have a gun. It's loaded. Shut up."

>
> >> Thank you for ur reply, Im still little confused. By giving example
> >> blow, would you mind telling me what is the permission on share?
> >> eg.
> >> User: A1
> >> Group: USERS
> >> NTFS <----> SHARE
> >> Allow -Modify Allow-Read

>
> >> effective permission is Allow-Read for A1 to access SHARE folder over
> >> network?- Hide quoted text -

>
> >> - Show quoted text -

>
> > and what about this

>
> > User: A1
> > Group: USERS
> > NTFS <----> SHARE
> > Allow -Read Allow-Modify- Hide quoted text -

>
> - Show quoted text -


wow, you replied so fast lol

 
Reply With Quote
 
funnysun
Guest
Posts: n/a
 
      04-11-2007
On Apr 11, 12:50 pm, "funnysun" <(E-Mail Removed)> wrote:
> On Apr 11, 12:34 pm, "funnysun" <(E-Mail Removed)> wrote:
>
>
>
>
>
> > On Apr 11, 12:32 pm, "funnysun" <(E-Mail Removed)> wrote:

>
> > > On Apr 11, 3:54 am, catwalker63 <(E-Mail Removed)> wrote:

>
> > > > funnysun piffled away vaguely:

>
> > > > > create a folder named TEST on c:\TEST, share it as TESTSHARE

>
> > > > > when you place permission this folder in NTFS, for same user opening
> > > > > this folder from network which one is effective permission?
> > > > > ( permission placed on c:\TEST or permission placed on TESTSHARE). As
> > > > > of my testing, permission on TESTSHARE overwrites the other one, but i
> > > > > found it otherwise when I took sample test questions.

>
> > > > One way to figure out permissions is to make two columns and label one
> > > > NTFS and the other Share. Put the appropriate permissions for the user
> > > > and each group they belong to in the appropriate column. For NTFS, the
> > > > effective permission is the LEAST restrictive of all for the user and
> > > > all of the groups unless there is an explicit deny, so write that down
> > > > at the bottom of the column. Same for Share permissions. Now, look at
> > > > the permissions at the bottom of each column and compare them. The
> > > > effective permissions over the network are the MOST restrictive
> > > > permissions between Share and NTFS.

>
> > > > When you go to use this in the real world, setup the share as open to
> > > > all Authenticated Users for the Share permissions and then set your
> > > > actual restrictions with NTFS. NTFS permissions affect the user whether
> > > > they log in locally or access files over the network. Share permissions
> > > > will only affect a user accessing a share. NTFS permissions are also
> > > > more granular, giving you more control and, potentially, really
> > > > confusing you.
> > > > --

>
> > > > Catwalker
> > > > MCNGP #43www.mcngp.com
> > > > "I have a gun. It's loaded. Shut up."

>
> > > Thank you for ur reply, Im still little confused. By giving example
> > > blow, would you mind telling me what is the permission on share?
> > > eg.
> > > User: A1
> > > Group: USERS
> > > NTFS <----> SHARE
> > > Allow -Modify Allow-Read

>
> > > effective permission is Allow-Read for A1 to access SHARE folder over
> > > network?- Hide quoted text -

>
> > > - Show quoted text -

>
> > and what about this

>
> > User: A1
> > Group: USERS
> > NTFS <----> SHARE
> > Allow -Read Allow-Modify- Hide quoted text -

>
> > - Show quoted text -

>
> According to my lab test, the following permission will grant user A1
> read only over network
> User: A1
> Group: USERS
> NTFS <----> SHARE
> Allow -Modify Allow-Read
>
> and following will grand modify permission to user A1 over network
> User: A1
> Group: USERS
> NTFS <----> SHARE
> Allow -Read Allow-Modify
>
> This is different from what you said "MOST restrictive
> permissions between Share and NTFS. " Why is that???- Hide quoted text -
>
> - Show quoted text -


OK, I know where my mistake was. When I go to effective permissions
of A1 on NTFS, it displays A1 has Full control, however, I only grant
A1 Allow - Read on NTFS...............then I found out USERS gourp has
Full control..............After I remove A1 from Users group,
everything is like "the effective permission is
the most restrictive. "

I really appreciate your help guys.........

Thank you

 
Reply With Quote
 
Blackmetal
Guest
Posts: n/a
 
      04-11-2007
good to know you're done.

just remember this as a rule:

Effective Permissions = Most Restrictive(NTFS + SHARE)

"funnysun" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) oups.com...
> On Apr 11, 12:50 pm, "funnysun" <(E-Mail Removed)> wrote:
>> On Apr 11, 12:34 pm, "funnysun" <(E-Mail Removed)> wrote:
>>
>>
>>
>>
>>
>> > On Apr 11, 12:32 pm, "funnysun" <(E-Mail Removed)> wrote:

>>
>> > > On Apr 11, 3:54 am, catwalker63 <(E-Mail Removed)>
>> > > wrote:

>>
>> > > > funnysun piffled away vaguely:

>>
>> > > > > create a folder named TEST on c:\TEST, share it as TESTSHARE

>>
>> > > > > when you place permission this folder in NTFS, for same user
>> > > > > opening
>> > > > > this folder from network which one is effective permission?
>> > > > > ( permission placed on c:\TEST or permission placed on
>> > > > > TESTSHARE). As
>> > > > > of my testing, permission on TESTSHARE overwrites the other one,
>> > > > > but i
>> > > > > found it otherwise when I took sample test questions.

>>
>> > > > One way to figure out permissions is to make two columns and label
>> > > > one
>> > > > NTFS and the other Share. Put the appropriate permissions for the
>> > > > user
>> > > > and each group they belong to in the appropriate column. For NTFS,
>> > > > the
>> > > > effective permission is the LEAST restrictive of all for the user
>> > > > and
>> > > > all of the groups unless there is an explicit deny, so write that
>> > > > down
>> > > > at the bottom of the column. Same for Share permissions. Now, look
>> > > > at
>> > > > the permissions at the bottom of each column and compare them. The
>> > > > effective permissions over the network are the MOST restrictive
>> > > > permissions between Share and NTFS.

>>
>> > > > When you go to use this in the real world, setup the share as open
>> > > > to
>> > > > all Authenticated Users for the Share permissions and then set your
>> > > > actual restrictions with NTFS. NTFS permissions affect the user
>> > > > whether
>> > > > they log in locally or access files over the network. Share
>> > > > permissions
>> > > > will only affect a user accessing a share. NTFS permissions are
>> > > > also
>> > > > more granular, giving you more control and, potentially, really
>> > > > confusing you.
>> > > > --

>>
>> > > > Catwalker
>> > > > MCNGP #43www.mcngp.com
>> > > > "I have a gun. It's loaded. Shut up."

>>
>> > > Thank you for ur reply, Im still little confused. By giving example
>> > > blow, would you mind telling me what is the permission on share?
>> > > eg.
>> > > User: A1
>> > > Group: USERS
>> > > NTFS <----> SHARE
>> > > Allow -Modify Allow-Read

>>
>> > > effective permission is Allow-Read for A1 to access SHARE folder over
>> > > network?- Hide quoted text -

>>
>> > > - Show quoted text -

>>
>> > and what about this

>>
>> > User: A1
>> > Group: USERS
>> > NTFS <----> SHARE
>> > Allow -Read Allow-Modify- Hide quoted text -

>>
>> > - Show quoted text -

>>
>> According to my lab test, the following permission will grant user A1
>> read only over network
>> User: A1
>> Group: USERS
>> NTFS <----> SHARE
>> Allow -Modify Allow-Read
>>
>> and following will grand modify permission to user A1 over network
>> User: A1
>> Group: USERS
>> NTFS <----> SHARE
>> Allow -Read Allow-Modify
>>
>> This is different from what you said "MOST restrictive
>> permissions between Share and NTFS. " Why is that???- Hide quoted
>> text -
>>
>> - Show quoted text -

>
> OK, I know where my mistake was. When I go to effective permissions
> of A1 on NTFS, it displays A1 has Full control, however, I only grant
> A1 Allow - Read on NTFS...............then I found out USERS gourp has
> Full control..............After I remove A1 from Users group,
> everything is like "the effective permission is
> the most restrictive. "
>
> I really appreciate your help guys.........
>
> Thank you
>



 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Fixed: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {555F3418-D99E-4E51-800A-6E89CFD8B1D7} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). Skybuck Flying Windows 64bit 1 06-29-2009 06:17 PM
Deny Delete permission question sundevilkid85 MCSE 0 05-08-2006 04:21 PM
Newbie: Ajax permission'g question hemant.singh@gmail.com HTML 6 04-17-2006 05:42 PM
An ASP.NET permission question =?Utf-8?B?Y25pY2ts?= ASP .Net 1 03-22-2005 06:05 AM
NTFS permission question Bay MCSE 2 10-08-2003 05:35 AM



Advertisments