20060919
Chapter 8 Windows Defaults
If there is a folder on C:, any user can write to it. Other users can read documents in the folder, but they can't modify them.
Default folder permissions for members of the Users group:
- Read & Execute
- List Folder Contents
- Read
- Special Permissions (see the Special Permissions handout): Traverse Folder/Execute File, List Folder/Append Data, etc.
See p 8-11.
See p 8-15, Real World: Managing Permissions Structures.
Microsoft has a bunch of free lock-down tools available for download. Some of the service packs change the default permissions for folders and files.
If you look on the Security tab of the Properties dialog of a folder, you see several users and groups:
- Administrator
- CREATOR OWNER
- georgeg
- SYSTEM
- Users
The ones in all caps are system-defined. The ones in lower case or mixed case are set up by the Administrator.
With NTFS, the new owner of a file must take possession. The Administrator cannot assign a new owner. In Unix/Linux, the root user changes the owner with chown.
Inheritance
In Explorer, right-click the folder icon for C:\public\shared. Turn off inheritance by unchecking "Inherit from parent the permission entries that apply to child objects. Include these with entries explicitly defined here."
Moving and copying
A move or copy can be within the same volume or to a new volume. The new volume may be FAT or may be NTFS. Moving within the same volume is renaming. Inheritance may be overridden in this case. The permissions do not change. Moving to a different volume is copying. The new folder gets the permissions of the destination folder.
If you move to a FAT volume, the permissions are lost.
If you move the folder from a FAT volume back to an NTFS volume, all the permissions are restored via inheritance.
So, a handy trick is to copy a folder to a FAT volume, then back to an NTFS volume to fix the file permissions.
UDF (auxiliary data file) from digital cameras can be gotten rid of the same way.
Administrators can take over ownership without the owner's permission. There is an audit trail that will be discussed under group properties.
Q. How does the concept of group ownership translate from Unix to Windows?
Q. Does Windows have a concept analogous to file Owner, Group and World permission?
Q. What happens if a user is deleted from the user database?
A. If you look at the ownership, you'll see the identifier for that user instead of his name.
You have to take ownership as administrator, then give the file to a new user.
A user can use the Deny check boxes in the Security tab of the Properties dialog to lock themselves out of file access. For example, they can deny access to their group which includes themselves. Remember that Deny overrides Allow.
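The Deny-overrides-Allow lockout described above, as an added example that is not part of the original notes: a simplified Python model of the Windows access check. The right bits, the Ace class and the sample ACLs are constructed for illustration; the model goes slightly beyond the notes by also showing that entries are evaluated in canonical order, so an explicit Allow is reached before an inherited Deny.

```python
from dataclasses import dataclass

# Access-right bits (constructed for this model, not the real NTFS mask values).
READ, WRITE, DELETE = 1, 2, 4

@dataclass(frozen=True)
class Ace:
    kind: str               # "allow" or "deny"
    trustee: str            # user or group name
    rights: int             # bitmask of READ/WRITE/DELETE
    inherited: bool = False

def canonical(acl):
    """Canonical ACE order used by the Windows ACL editor:
    explicit deny, explicit allow, inherited deny, inherited allow."""
    return sorted(acl, key=lambda a: (a.inherited, a.kind != "deny"))

def access_check(acl, user, groups, wanted):
    """Walk the ACEs in order. A deny ACE that covers a still-needed right
    ends the check; allow ACEs accumulate until every right is granted."""
    identities = {user, *groups}
    remaining = wanted
    for ace in canonical(acl):
        if ace.trustee not in identities:
            continue
        if ace.kind == "deny" and ace.rights & remaining:
            return False
        if ace.kind == "allow":
            remaining &= ~ace.rights
        if remaining == 0:
            return True
    return False  # rights that are never granted are implicitly denied

def demo():
    # Constructed sample: georgeg is a member of Users, as in the notes.
    groups = ["Users"]
    acl = [Ace("allow", "georgeg", READ | WRITE)]
    before = access_check(acl, "georgeg", groups, READ)
    # georgeg ticks Deny for his own group and locks himself out.
    acl.append(Ace("deny", "Users", READ | WRITE))
    after = access_check(acl, "georgeg", groups, READ)
    # A Deny inherited from the parent folder sorts after an explicit
    # Allow on the object itself, so the Allow is reached first.
    acl2 = [Ace("deny", "Users", WRITE, inherited=True),
            Ace("allow", "georgeg", WRITE)]
    inherited_case = access_check(acl2, "georgeg", groups, WRITE)
    return before, after, inherited_case

if __name__ == "__main__":
    print(demo())
```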
Case scenario from book: See ? Note that the delete permission is controlled by the folder holding the file, not by the permissions of the file itself.
Chapter 9 Administering Shared Folders
See also http://support.microsoft.com/kb/307874/ "How to disable simplified sharing and set permissions on a shared folder in Windows XP"
