Tip

Avoid inconsistent permissions

You can develop some problems from assigning mixed permissions. Mixed or contradictory permissions occur when there is a mixture of share and file permissions with resources assigned to groups and users.

When you don't properly assign permissions, or when there are contradictory permissions, Windows will use the most restrictive permission. If, for example, a user is a member of a group that has read-only access to a shared resource and is also a member of another group that has full control over the same shared resource, then read-only permission will apply since this is the more restrictive permission.

Before assigning permissions to groups and users, you should properly plan and test the shared permissions to make sure they work properly. The last thing you want is a user who was given read access to sub folder also having the same access to a restricted folder!

Another problem area is ownership. With NT file system (NTFS), if a user creates a folder or file, he/she automatically becomes the owner and is able to perform any changes necessary to the file or folder. So you should allow users to create sub folders only in their respective home directories. Periodically, however, you should investigate file/folder permissions created for users outside of the home directory and, if necessary, apply ownership to the administrator account. Why? If permissions for a new user need to be added to a shared folder, and the files in this folder are owned by another user, then the new user will not be granted permissions to use the folder.


Adesh Rampat is a member of the Association of Internet Professionals, the Institute for Network Professionals and the International Webmasters Association. He has also lectured extensively on a variety of topics.

Did you like this tip? If so, (or if not) why not let us know. Send an email to us and sound off.


This was first published in May 2001

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.