Permissions

microsoft.public.windows.server.security
Posted by PL on July 13, 2006, 5:09 pm
I don't understand something... I have a file share on a server with
full control share permissions but limited NTFS permissions propagated
all the way down through the structure. NTFS permissions are full
control for administrators and system, read-only for domain users. It
mostly works as expected, however, why is it that when I log in to
another server within the same domain with only the local admin
account, I can edit all files within the share.

Thanks,
Pete

Posted by Roger Abell [MVP] on July 13, 2006, 9:23 pm
From what you have stated are the existing grants at the share
and the NTFS level, when you log into a different machine with
a machine local account, whether an admin on that machine or
not, then you should have no access whatsoever to the share.


>I don't understand something... I have a file share on a server with
> full control share permissions but limited NTFS permissions propagated
> all the way down through the structure. NTFS permissions are full
> control for administrators and system, read-only for domain users. It
> mostly works as expected, however, why is it that when I log in to
> another server within the same domain with only the local admin
> account, I can edit all files within the share.
>
> Thanks,
> Pete



Posted by Steven L Umbach on July 14, 2006, 1:12 pm
It sounds like the built in administrator account has the same password on
the server with the share and the server you logged onto. If you can access
the administrative shares such as C$ on that server also then that would
verify they do have the same password. --- Steve


>I don't understand something... I have a file share on a server with
> full control share permissions but limited NTFS permissions propagated
> all the way down through the structure. NTFS permissions are full
> control for administrators and system, read-only for domain users. It
> mostly works as expected, however, why is it that when I log in to
> another server within the same domain with only the local admin
> account, I can edit all files within the share.
>
> Thanks,
> Pete



Posted by Joe Richards [MVP] on July 14, 2006, 1:49 pm
The local admin account and password are in sync. This is yet another
reason why different admin accounts should have different passwords.

joe

--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net


---O'Reilly Active Directory Third Edition now available---

http://www.joeware.net/win/ad3e.htm

============================================================================
Do not read this worthless blog entry on
Defending Security Infrastructures http://blog.joeware.net/2006/07/11/445/
I'm serious, you will learn absolutely nothing about
Defending Security Infrastructures.
============================================================================

PL wrote:
> I don't understand something... I have a file share on a server with
> full control share permissions but limited NTFS permissions propagated
> all the way down through the structure. NTFS permissions are full
> control for administrators and system, read-only for domain users. It
> mostly works as expected, however, why is it that when I log in to
> another server within the same domain with only the local admin
> account, I can edit all files within the share.
>
> Thanks,
> Pete

Posted by PL on July 17, 2006, 9:25 pm
Thanks all, it was the synched password.



>I don't understand something... I have a file share on a server with
>full control share permissions but limited NTFS permissions propagated
>all the way down through the structure. NTFS permissions are full
>control for administrators and system, read-only for domain users. It
>mostly works as expected, however, why is it that when I log in to
>another server within the same domain with only the local admin
>account, I can edit all files within the share.
>
>Thanks,
>Pete
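
Added example, not part of the original thread: a check a file-server admin could run over exported logon events to spot the situation diagnosed above, where a machine-local account on another host is accepted as the share server's own local account because name and password match. The events are constructed samples using the field names of Windows Security event 4624; the host names are hypothetical.

```python
# Constructed sample events (not from the thread), shaped like event 4624 data.
FILE_SERVER = "FILESRV01"  # hypothetical server hosting the share

SAMPLE_EVENTS = [
    # Domain user reaching the share over the network: expected traffic.
    {"EventID": 4624, "LogonType": 3, "TargetUserName": "pete",
     "TargetDomainName": "CORP", "WorkstationName": "WKS042",
     "AuthenticationPackageName": "Kerberos"},
    # Network logon that resolved to the file server's OWN local Administrator,
    # but came from a different machine: the synced-password case.
    {"EventID": 4624, "LogonType": 3, "TargetUserName": "Administrator",
     "TargetDomainName": "FILESRV01", "WorkstationName": "APPSRV02",
     "AuthenticationPackageName": "NTLM"},
    {"EventID": 4624, "LogonType": 3, "TargetUserName": "administrator",
     "TargetDomainName": "filesrv01", "WorkstationName": "dbsrv03",
     "AuthenticationPackageName": "NTLM"},
    # Interactive console logon on the file server itself: not remote.
    {"EventID": 4624, "LogonType": 2, "TargetUserName": "Administrator",
     "TargetDomainName": "FILESRV01", "WorkstationName": "FILESRV01",
     "AuthenticationPackageName": "Negotiate"},
    # Failed logon: a different event ID, ignored here.
    {"EventID": 4625, "LogonType": 3, "TargetUserName": "Administrator",
     "TargetDomainName": "FILESRV01", "WorkstationName": "WKS099",
     "AuthenticationPackageName": "NTLM"},
]


def remote_local_account_logons(events, server):
    """Return (source_host, account) for successful network logons that used
    an account local to `server` but originated on another machine."""
    server = server.upper()
    findings = []
    for ev in events:
        if ev.get("EventID") != 4624 or ev.get("LogonType") != 3:
            continue  # only successful network (type 3) logons
        if (ev.get("TargetDomainName") or "").upper() != server:
            continue  # domain account, not a machine-local one
        source = (ev.get("WorkstationName") or "-").upper()
        if source == server:
            continue  # loopback access from the server itself
        findings.append((source, ev.get("TargetUserName", "").lower()))
    return findings


def shared_credential_summary(events, server):
    """Group findings by local account -> set of remote hosts that used it."""
    summary = {}
    for source, account in remote_local_account_logons(events, server):
        summary.setdefault(account, set()).add(source)
    return summary
```

Any host listed for a local account here holds credentials that the file server accepts as its own, so each one is a candidate for a password change to break the sync.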

