Avoid inconsistent permissions

A mixture of share & file permissions with resources assigned to groups & users can create mixed or clashing permissions.

You can develop some problems from assigning mixed permissions. Mixed or contradictory permissions occur when there

is a mixture of share and file permissions with resources assigned to groups and users.

When you don't properly assign permissions, or when there are contradictory permissions, Windows will use the most restrictive permission. If, for example, a user is a member of a group that has read-only access to a shared resource and is also a member of another group that has full control over the same shared resource, then read-only permission will apply since this is the more restrictive permission.

Before assigning permissions to groups and users, you should properly plan and test the shared permissions to make sure they work properly. The last thing you want is a user who was given read access to sub folder also having the same access to a restricted folder!

Another problem area is ownership. With NT file system (NTFS), if a user creates a folder or file, he/she automatically becomes the owner and is able to perform any changes necessary to the file or folder. So you should allow users to create sub folders only in their respective home directories. Periodically, however, you should investigate file/folder permissions created for users outside of the home directory and, if necessary, apply ownership to the administrator account. Why? If permissions for a new user need to be added to a shared folder, and the files in this folder are owned by another user, then the new user will not be granted permissions to use the folder.


Adesh Rampat is a member of the Association of Internet Professionals, the Institute for Network Professionals and the International Webmasters Association. He has also lectured extensively on a variety of topics.

Did you like this tip? If so, (or if not) why not let us know. Send an email to us and sound off.


This was first published in May 2001

Dig deeper on User passwords and network permissions

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

SearchVirtualDesktop

SearchWindowsServer

SearchExchange

Close