Avoid inconsistent permissions

A mixture of share & file permissions with resources assigned to groups & users can create mixed or clashing permissions.

You can develop some problems from assigning mixed permissions. Mixed or contradictory permissions occur when there...

is a mixture of share and file permissions with resources assigned to groups and users.

When you don't properly assign permissions, or when there are contradictory permissions, Windows will use the most restrictive permission. If, for example, a user is a member of a group that has read-only access to a shared resource and is also a member of another group that has full control over the same shared resource, then read-only permission will apply since this is the more restrictive permission.

Before assigning permissions to groups and users, you should properly plan and test the shared permissions to make sure they work properly. The last thing you want is a user who was given read access to sub folder also having the same access to a restricted folder!

Another problem area is ownership. With NT file system (NTFS), if a user creates a folder or file, he/she automatically becomes the owner and is able to perform any changes necessary to the file or folder. So you should allow users to create sub folders only in their respective home directories. Periodically, however, you should investigate file/folder permissions created for users outside of the home directory and, if necessary, apply ownership to the administrator account. Why? If permissions for a new user need to be added to a shared folder, and the files in this folder are owned by another user, then the new user will not be granted permissions to use the folder.


Adesh Rampat is a member of the Association of Internet Professionals, the Institute for Network Professionals and the International Webmasters Association. He has also lectured extensively on a variety of topics.

Did you like this tip? If so, (or if not) why not let us know. Send an email to us and sound off.


This was first published in May 2001

Dig Deeper on User passwords and network permissions

PRO+

Content

Find more PRO+ content and other member only offers, here.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchVirtualDesktop

  • VDI assessment guide

    Wait! Don't implement VDI technology until you know your goals and needs. A VDI assessment should consider the benefits of a VDI ...

  • Guide to calculating ROI from VDI

    Calculating ROI from VDI requires a solid VDI cost analysis. Consider ROI calculation models, storage costs and more to determine...

  • Keep the cost of VDI storage under control

    Layering, persona management tools and flash arrays help keep virtual desktop users happy and VDI storage costs down.

SearchWindowsServer

SearchExchange

Close