Be careful with NTFS permissions
Fiddling with NTFS permission can have unexpected results, as this tip from reader Michael Murdock illustrates. Do you have a security tip? Why not send it in? We'll enter you in our tips contest for some neat prizes, and we'll post your tip on our site.
If you remove standard NTFS permissions in the wrong order, some undesirable special NTFS permissions can be left behind.
Here's an example. Choose a file with all of the NTFS permissions selected for a particular user or group, then clear the Write permission and click Apply. The OS automatically removes Full Control and Modify (leading you to believe that only Read and Execute remains).
Now, go have a look in the Advance Properties for the special NTFS permissions and you will see that the Delete permission remains. And guess what? That user/group is able to delete that file.
Always adjust standard NTFS permission by removing the most powerful first (least restrictive), i.e. remove Full Control, then Modify, then Write, etc.
Just because you clear the Read permission and the OS automatically clears the others, do not assume it is always correct. Always check special NTFS permissions.
Did you like this tip? Why not let us know. Email to sound off.
Windows 2000 Security Handbook
Author : Tom Sheldon and Phil Cox
Publisher : McGraw-Hill
Published : Dec 2000
Deploy and administer bullet-proof Windows 2000 security policies. This book explains how to safeguard intranet, Internet, and e-commerce transactions with IPSec, defend against hacking, spoofing, sniffing, and DDS attacks, and secure your network with firewalls, proxy servers, and VPNs.
This was first published in July 2001