A
Andrey Tarasevich
Hello
I'm looking for a more or less formal description of how XP Pro NTFS
file permissions work. Maybe someone can point me in the right
direction. Everything I could find on microsoft.com was rather
incomplete, couldn't give me the full picture and quickly degraded to
"How to.." level, which is not what I'm looking for.
Consider the following example. Let's say I'm logged in as an
'Administrator' - member of 'Administrators' group. I create a folder,
say, 'C:\Test'. The I explicitly specify the following permissions for
'C:\Test':
* 'Administrators' group:
Allow - Full Control
* 'Users' group:
Allow - Read & Execute
Allow - List Folder Contents
Allow - Read
Deny - Write
Permission inheritance is disabled for this folder. Now I, still logged
on as 'Administrator', enter 'C:\Test' folder and try to create another
folder inside. XP refuses with 'Access is denied' message box. Why?!!
If I remove 'Deny - Write' setting from 'Users' group, 'Administrator'
is allowed to perform modifications inside 'C:\Temp'. How come 'Deny'
setting applied to 'Users' group affects permissions of 'Administrators'
group?
Another question is related to built-in 'Everyone' group. What is the
role of this group on XP permission system? It looks like this is some
meta-group all other groups are included into. Or is it other way
around? Are there any other implicit hierarchical relationships between
other built-in XP user groups?
I'm looking for a more or less formal description of how XP Pro NTFS
file permissions work. Maybe someone can point me in the right
direction. Everything I could find on microsoft.com was rather
incomplete, couldn't give me the full picture and quickly degraded to
"How to.." level, which is not what I'm looking for.
Consider the following example. Let's say I'm logged in as an
'Administrator' - member of 'Administrators' group. I create a folder,
say, 'C:\Test'. The I explicitly specify the following permissions for
'C:\Test':
* 'Administrators' group:
Allow - Full Control
* 'Users' group:
Allow - Read & Execute
Allow - List Folder Contents
Allow - Read
Deny - Write
Permission inheritance is disabled for this folder. Now I, still logged
on as 'Administrator', enter 'C:\Test' folder and try to create another
folder inside. XP refuses with 'Access is denied' message box. Why?!!
If I remove 'Deny - Write' setting from 'Users' group, 'Administrator'
is allowed to perform modifications inside 'C:\Temp'. How come 'Deny'
setting applied to 'Users' group affects permissions of 'Administrators'
group?
Another question is related to built-in 'Everyone' group. What is the
role of this group on XP permission system? It looks like this is some
meta-group all other groups are included into. Or is it other way
around? Are there any other implicit hierarchical relationships between
other built-in XP user groups?