Folder Permissions

T

Timothy Fitch

I come from a NetWare background so clue me in as I am missing something
here. Have a folder on a WinXP Pro sp2 workstation. Folder_A. I removed
Everyone rights and assigned Power Users group Read & Execute, List Folder
Contents and Read rights. Administrators group has Full rights. Advanced
section show Not Inherited on all groups. I have 2 sub folders Sub_A and
Sub_B. Sub_B has Read & Execute, List Folder Contents, Read and Modify for
the Power User group. Advanced tab shows Not Inherited for all groups. Sub_A
Inherited from c:\Folder_A and permissions as Read & Execute.

My question.. Why can a power user member add and delete files from Sub_A?
I would have thought that they could not.
 
S

Steven L Umbach

Double check that the user is not a member of the administrators group also. In addition check the folder permissions to make sure the user account does not show there with explicit permissions that may include write and that the user is not owner of the folder. It may also be helpful to see what it shows for the user in advanced - effective permissions though that may not always be 100 percent accurate. If you changed group membership of the user in question be sure to logoff and logon again to refresh the user's security token to include new group [or lack of] membership. The support tool whoami can show the groups a user belongs to in their security token. --- Steve



I come from a NetWare background so clue me in as I am missing something
here. Have a folder on a WinXP Pro sp2 workstation. Folder_A. I removed
Everyone rights and assigned Power Users group Read & Execute, List Folder
Contents and Read rights. Administrators group has Full rights. Advanced
section show Not Inherited on all groups. I have 2 sub folders Sub_A and
Sub_B. Sub_B has Read & Execute, List Folder Contents, Read and Modify for
the Power User group. Advanced tab shows Not Inherited for all groups. Sub_A
Inherited from c:\Folder_A and permissions as Read & Execute.

My question.. Why can a power user member add and delete files from Sub_A?
I would have thought that they could not.
 
J

Jason Tan

Hello,

Thanks for posting!

From your post I suggest you display discretionary access control list
(DACL) file using Cacls and check the issue.

For example,

In command line, input "Cacls c:\Sub_A"

For more information related to Cacls, please refer to the following URL.

Cacls
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-
us/cacls.mspx?mfr=true

Hope the information helps. If there is anything that is unclear, please
feel free to let me know.

Best Regards,

Jason Tan

Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security

=====================================================

When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.

=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.



--------------------
| Mime-Version: 1.0
| Date: Thu, 16 Mar 2006 13:30:20 -0500
| X-Newsreader: Groupwise 6.5
| From: "Timothy Fitch" <[email protected]>
| Subject: Folder Permissions
| Content-Type: multipart/alternative;
boundary="____CWJDBBFKZQNBEZLKNVIJ____"
| Message-ID: <[email protected]>
| Newsgroups: microsoft.public.windowsxp.security_admin
| NNTP-Posting-Host: mail1.fisherassoc.com 66.153.44.18
| Lines: 1
| Path:
TK2MSFTNGXA03.phx.gbl!TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!tk2msftngp1
3.phx.gbl
| Xref: TK2MSFTNGXA03.phx.gbl
microsoft.public.windowsxp.security_admin:181223
| X-Tomcat-NG: microsoft.public.windowsxp.security_admin
|
| I come from a NetWare background so clue me in as I am missing something
| here. Have a folder on a WinXP Pro sp2 workstation. Folder_A. I
removed
| Everyone rights and assigned Power Users group Read & Execute, List
Folder
| Contents and Read rights. Administrators group has Full rights.
Advanced
| section show Not Inherited on all groups. I have 2 sub folders Sub_A and
| Sub_B. Sub_B has Read & Execute, List Folder Contents, Read and Modify
for
| the Power User group. Advanced tab shows Not Inherited for all groups.
Sub_A
| Inherited from c:\Folder_A and permissions as Read & Execute.
| My question.. Why can a power user member add and delete files from
Sub_A?
| I would have thought that they could not.
|
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

NTFS permissions? 4
Default file/folder security permissions for a new user 3
How to Secure the folder 3
Local Power User on domain 1
XP Pro file permissions 10
Bizzare security behaviour 5
Error 1913. Setup cannot update file 2
Ownership 2

Top