Location: List Archives

List Archives

This forum is an archive of all posts to our mailing list over the past few years.  The forum is set read only therefore to contribute you will need to join our list community.  See more info about this here.

 

When subscribed to the list you should use your standard email client to send your posts to ActiveDir@mail.activedir.org.

List Archives

Forums >ActiveDir Mail List Archive >List Archives
Subject: Re: [ActiveDir] [OT] Permission behavior in windows environment (domain)
Prev Next
You are not authorized to post a reply.

AuthorMessages
boaz20User is Offline

Posts:4

12/05/2008 5:33 PM  
Thanks for the fast respond.

Let me rephrase my question.

Group A (G) has NTFS permission to folder X. if I remove one of the member
from the group. That member will still have permission to folder X until he
will do logoff logon.

If this is by design – could you please provide some explanation on this
issue – as it looks like a security hole.

What do you suggest to do in scenario like that?


On Sat, Dec 6, 2008 at 12:00 AM, joe <listmail@joeware.net> wrote:

> First off, if this is all about changing file permissions, it is OT,
> please label as such.
>
> Are you changing share perms or file perms?
>
> I could see where possibly changing share perms may cause you to have to
> reconnect in order to have the new perms. But file level perms occur nearly
> instantly so there shouldn't be a problem there.
>
> If you are actually changing the groups the users are in, then that
> requires a logon/logoff.
>
>
>
> --
> O'Reilly Active Directory Fourth Edition -
> http://www.joeware.net/win/ad4e.htm
>
>
>
> ------------------------------
> *From:* ActiveDir-owner@mail.activedir.org [mailto:
> ActiveDir-owner@mail.activedir.org] *On Behalf Of *Boaz Galil
> *Sent:* Friday, December 05, 2008 3:50 PM
> *To:* ActiveDir@mail.activedir.org
> *Subject:* [ActiveDir] Permission behavior in windows environment (domain)
>
> Dear Experts,
>
>
>
> I assume you all have a good explanation for the following scenario.
>
> Scenario A: in windows server 2003 domain (all DC are windows server 2003
> SP2) group A (G) has full control on folder on one of the File server in the
> domain.
>
> I remove the full control permission and now the group members don't have
> any permission to the folder but yet they still can access the folder. Only
> when the members will log off/log on to the computer they will not have
> access to the folder.
>
> Scenario B: in windows server 2000 domain - same behavior as scenario A.
>
>
>
> Could you please share with me the explanation of this behavior and how can
> one avoid this behavior (if possible)?
>
>
>
> Thanks in advance,
>
>
>
> Boaz.
>
>
> --
> Boaz.
>



--
Boaz.

You are not authorized to post a reply.
Forums >ActiveDir Mail List Archive >List Archives > Re: [ActiveDir] [OT] Permission behavior in windows environment (domain)



ActiveForums 3.7
Friends

Friends

VisualClickButoton
Members

Members

MembershipMembership:
Latest New UserLatest:mish
New TodayNew Today:2
New YesterdayNew Yesterday:5
User CountOverall:4858
People OnlinePeople Online:
VisitorsVisitors:57
MembersMembers:0
TotalTotal:57
Online NowOnline Now:

Ads

Copyright 2009 ActiveDir.org
Terms Of Use