List Archives

This forum is an archive of all posts to our mailing list over the past few years. The forum is set read only therefore to contribute you will need to join our list community. See more info about this here.

When subscribed to the list you should use your standard email client to send your posts to ActiveDir@mail.activedir.org.

List Archives

Unanswered Active Topics

Forums Search

Forums >ActiveDir Mail List Archive >List Archives

Subject: [ActiveDir] Permission behavior in windows environment (domain)

Prev Next

You are not authorized to post a reply.

Author

Messages

boaz20

Posts:4

12/05/2008 3:53 PM
Dear Experts, I assume you all have a good explanation for the following scenario. Scenario A: in windows server 2003 domain (all DC are windows server 2003 SP2) group A (G) has full control on folder on one of the File server in the domain. I remove the full control permission and now the group members don't have any permission to the folder but yet they still can access the folder. Only when the members will log off/log on to the computer they will not have access to the folder. Scenario B: in windows server 2000 domain - same behavior as scenario A. Could you please share with me the explanation of this behavior and how can one avoid this behavior (if possible)? Thanks in advance, Boaz. -- Boaz.

Gil

Posts:311

12/05/2008 5:39 PM
Access tokens are created at login, so changes in permissions due to group membership don't re-evaluated until the user logs out and back in. -g From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Boaz Galil Sent: Friday, December 05, 2008 1:50 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Permission behavior in windows environment (domain) Dear Experts, I assume you all have a good explanation for the following scenario. Scenario A: in windows server 2003 domain (all DC are windows server 2003 SP2) group A (G) has full control on folder on one of the File server in the domain. I remove the full control permission and now the group members don't have any permission to the folder but yet they still can access the folder. Only when the members will log off/log on to the computer they will not have access to the folder. Scenario B: in windows server 2000 domain - same behavior as scenario A. Could you please share with me the explanation of this behavior and how can one avoid this behavior (if possible)? Thanks in advance, Boaz. -- Boaz.

You are not authorized to post a reply.

Forums >ActiveDir Mail List Archive >List Archives > [ActiveDir] Permission behavior in windows environment (domain)

ActiveForums 3.7

Syndicate

Friends

List Archives

List Archives

Friends

Members

Articles

Related Links

Ads