|
Posted by Larry on March 31, 2006, 3:31 pm
Please log in for more thread options Allen-
Might I suggest a nap in your data room?
"AllenM" wrote:
> Bill why do you insist on being so persistant. No I do not want to know why
> it makes no sense because I already know why. And I don't care why it makes
> no sense. I never claimed it to be. Now if you have read my postings when I
> tried to explain I said "IN OTHER WORDS, FOR EXAMPLE, I CAN ASSIGN A GROUP
> OR USER READ/WRITE ONLY AND GIVE THEM "SPECIAL PERMISSIONS" TO "CHANGE
> PERMISSIONS". THIS CAN BE DONE FROM THE "ADVANCE"
>
> Do you understand what I meant by for "example". Where did I ever say that
> it is the correct thing to do and suggested some one do it. You just can't
> handle constructive criticism huh Bill? Just admit you made a wrong
> statement and that you stand corrected and quit trying to justify your wrong
> doing by trying to make false pretences towards others. So far neither one
> of us has helped the poster because I'm sure he is getting more entertained
> through reading your persistance ignorance on trying to justify yourself.
> Jesus Christ quit trying to be someone you are not. Your level of expertise
> is limit compared to others here as was evident when you posted in the
> Exchange NG.
>
> Tornado my sincere apologies. I'm sorry you had to read through all of this.
> But I'm sure you see my point and who is right and who is wrong. I do hope
> you get an answer elsewhere. Hopefully not from Bill.
>
> I AM DONE WITH THIS THREAD..
>
>
> "Bill" <it_professional_0812 at yahoo.com> wrote in message
> > Allen-
> >
> > I guess for your sake I should have said "Everyone - Full Control at the
> > share level, and do not grant
> > full control to non-administrators at the NTFS level, users should not be
> > able to change permissions, unless you grant them "change permissions"
> > rights which no one in their right mind would do anyway".
> >
> > Want to know why it makes no sense to do what you are proposing? Because
> > if you give someone the rights to change permissions, they can give
> > themselves and everyone else "full control" anyway. You might as well
> > just give them full control. There is no reason in the world to grant
> > NTFS permissions like this. What you are saying, while technically
> > correct, makes NO SENSE.
> >
> > My original statement, at face value, is not incorrect, unless you've gone
> > into the advanced tab and tweaked the permissions as you describe, which
> > rather foolish.
> >
> >
> >> YOUR REVISED STATEMENT
> >> If you have not granted any "special permissions", and the group does not
> >> have full control, they cannot change NTFS permissions
> >>
> >> Now that statement is correct. I already knew that which is what I was
> >> trying to let you know.
> >>
> >> YOUR FIRST STATEMENT:
> >> If you set "Everyone - Full Control" at the share level, and do not grant
> >> full control to non-administrators at the NTFS level, users should not be
> >> able to change permissions
> >>
> >> SEE THE DIFFERENCE?
> >>
> >>
> >> "Bill" <it_professional_0812 at yahoo.com> wrote in message
> >>> Allen-
> >>>
> >>> If you have not granted any "special permissions", and the group does
> >>> not have full control, they cannot change NTFS permissions.
> >>>
> >>>
> >>>> That is not true. Reread your statement. "and do not grant full control
> >>>> to non-administrators at the NTFS level, users should not be able to
> >>>> change permissions"
> >>>> This is not true because I would be able to change permissions without
> >>>> granting FULL control by doing what I said. Perhaps you forgot to
> >>>> include the "unless" at the end of your statement. Do a google search
> >>>> on NTFS Folder/File permissions. They have some great articles you can
> >>>> use to learn more about NTFS permissions.
> >>>>
> >>>> Now reread what I said.
> >>>>
> >>>> "YOU CAN ASSIGN ANY GROUP OR USER THE RIGHT TO "CHANGE PERMISSIONS"
> >>>> WITHOUT
> >>>> GIVING THEM FULL CONTROL OR MAKING THEM A MEMBER OF AN ADMINISTRATIVE
> >>>> GROUP.
> >>>>
> >>>> But I'm not going to argue it any furthur as this does not help the
> >>>> poster resolve his issues.
> >>>>
> >>>>
> >>>>
> >>>> "Bill" <it_professional_0812 at yahoo.com> wrote in message
> >>>>> There is nothing incorrect about this statement: "If you set
> >>>>> "Everyone - Full Control" at
> >>>>> the share level, and do not grant full control to non-administrators
> >>>>> at the
> >>>>> NTFS level, users should not be able to change permissions."
> >>>>>
> >>>>> While it is true that you can assign special permissions to allow
> >>>>> non-administrators to change permissions, if the group is not granted
> >>>>> full control on the standard tab, they cannot change NTFS permissions,
> >>>>> period.
> >>>>>
> >>>>>> Let me try to break this down to help better understand so that I may
> >>>>>> provide some helpful input here.
> >>>>>>
> >>>>>> 1. "I have a folder called test under another folder called as
> >>>>>> Documents. Documents folder is shared. I have given full permissions
> >>>>>> for everyone group since i am
> >>>>>> going to control the folder accesses via NTFS permissions."
> >>>>>>
> >>>>>> THIS IS CORRECT. WHENEVER YOU WANT TO SHARE A FOLDER IT IS GOOD
> >>>>>> PRACTICE TO ASSIGN "EVERYONE" FULL ACCES AT THE SHARE LEVEL AND
> >>>>>> RESTRICT FOLDER ACCESS USING NTFS FOLDER/FILE PERMISSIONS.
> >>>>>>
> >>>>>> 2. So for test folder i have assigned the permissions only for that
> >>>>>> particular group and adminstrator.
> >>>>>>
> >>>>>> WHAT ARE THE PERMISSIONS YOU ASSIGNED TO THE ADMINISTRATORS AND THIS
> >>>>>> PARTICULAR GROUP?
> >>>>>>
> >>>>>> 3. When i login from client machine and check the permissons via
> >>>>>> security tab for any folder under test folder i am able to change
> >>>>>> permissions from client side directly.
> >>>>>>
> >>>>>> WHO ARE YOU LOGGING IN AS?
> >>>>>>
> >>>>>> 4. I have tried all sorts of combinations but to my surprise none
> >>>>>> worked. I dont know what is going wrong here.
> >>>>>>
> >>>>>> WHAT ARE THESE COMBINATIONS? i TAKE IT YOU ARE TRYING TO "NOT" ALLOW
> >>>>>> THIS PARTICULAR GROUP THE RIGHT TO CHANGE PERMISSIONS? IS THIS A
> >>>>>> CORRECT STATEMENT?
> >>>>>>
> >>>>>> 5. Bill's statement is incorrect. "If you set "Everyone - Full
> >>>>>> Control" at the share level, and do not grant full control to
> >>>>>> non-administrators at the NTFS level, users should not be able to
> >>>>>> change permissions."
> >>>>>>
> >>>>>> YOU CAN ASSIGN ANY GROUP OR USER THE RIGHT TO "CHANGE PERMISSIONS"
> >>>>>> WITHOUT GIVING THEM FULL CONTROL OR MAKING THEM A MEMBER OF AN
> >>>>>> ADMINISTRATIVE GROUP. YOU CAN ASSIGN THEM "SPECIAL PERMISSIONS". IN
> >>>>>> OTHER WORDS, FOR EXAMPLE, I CAN ASSIGN A GROUP OR USER READ/WRITE
> >>>>>> ONLY AND GIVE THEM "SPECIAL PERMISSIONS" TO "CHANGE PERMISSIONS".
> >>>>>> THIS CAN BE DONE FROM THE "ADVANCE" FEATURES.
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>> "Bill" <it_professional_0812 at yahoo.com> wrote in message
> >>>>>>> I'll ask the dumb question - are you logging in as yourself, or as
> >>>>>>> the "restricted" user?
> >>>>>>>
> >>>>>>> If you set "Everyone - Full Control" at the share level, and do not
> >>>>>>> grant full control to non-administrators at the NTFS level, users
> >>>>>>> should not be able to change permissions.
> >>>>>>>
> >>>>>>>> Hi group,
> >>>>>>>>
> >>>>>>>> Hope you can help me with this one. I dont know what am i doing
> >>>>>>>> wrong.
> >>>>>>>>
> >>>>>>>> OS is windows 2003 in AD environment. This configuration is done on
> >>>>>>>> the
> >>>>>>>> server side:
> >>>>>>>>
> >>>>>>>> I have a folder called test under another folder called as
> >>>>>>>> Documents.
> >>>>>>>> Documents folder is
> >>>>>>>> shared. I have given full permissions for everyone group since i am
> >>>>>>>> going to control the folder accesses via NTFS permissions. So for
> >>>>>>>> test
> >>>>>>>> folder i have assigned the permissions
> >>>>>>>> only for that particular group and adminstrator.
> >>>>>>>>
> >>>>>>>> When i login from client machine and check the permissons via
> >>>>>>>> security
> >>>>>>>> tab for any folder
> >>>>>>>> under test folder i am able to change permissions from client side
> >>>>>>>> directly. I have tried
> >>>>>>>> all sorts of combinations but to my surprise none worked. I dont
> >>>>>>>> know
> >>>>>>>> what is going wrong here.
> >>>>>>>>
> >>>>>>>> Any sort of inputs will be of great help. Thanks in advance.
> >>>>>>>>
> >>>>>>>> Thanks,
> >>>>>>>>
> >>>>>>>> Tornado.
> >>>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>
> >>>>>>
> >>>>>
> >>>>>
> >>>>
> >>>>
> >>>
> >>>
> >>
> >>
> >
> >
>
>
>
| 
XML Sitemap