Determining Effective NTFS Permissions in Windows Server 2003
|
Rather Have Fast and Secure Remote
Control?
|
Taking things a step further, I want to explore the effective permissions associated with the Everyone group. Instead of supplying the username, in this case I supply the group name. Recall that the Everyone group has been granted the Allow Read permission only. In this case, notice that the permission list is significantly more restricted, listing only the special permissions associated with the standard Read permission, as shown below. This same process can be used for any user or group for which you require effective permissions information.
Unfortunately, the effective permission feature is not without inherent faults. First and foremost, the tool does nothing to assess the impact of any shared folder permissions that may apply, and as such, the results the tool provides may not be accurate based on your particular settings. Secondly, the tool only determines effective permissions based on the user or group membership, and not on the method of logon. For example, although most users logon to a system interactively, the permissions associated with resource access may be impacted by permissions applied to system groups like Network. Because of this, a user’s effective permissions might be full control on the local system based on membership, but may be further restricted by permissions applied to the Network group.
In fact, none of the system groups (Batch, Dialup, System, Network, etc) are used as part of determining the effective permissions of a user or group.
Because of this, the Windows Server 2003 documentation states that the Effective Permission feature provides only an approximation of the real effective permissions that apply to a user. While this is certainly not perfect, the model which Microsoft has used to implement security (and the manner in which this data is stored) make it difficult to get an exact reading on things like effective permissions. However, for almost all system administrators, the inclusion of such a tool in Windows Server 2003 will help to save some of the time, energy, and frustration experienced in the past when trying to calculate the impact of different NTFS permissions, especially in large environments.
Written by Dan DiNicolo - Visit WebsiteGo To Page: 1 2
Next post in Windows 2003:
Shadow Copies of Shared Folders - Part 1
Previous post in Windows 2003:
The Resultant Set of Policy (RSoP) Tool
All Tutorials by Category:
- CCDA Study Guide
- CCNA Study Guide Chapter 01
- CCNA Study Guide Chapter 02
- CCNA Study Guide Chapter 03
- CCNA Study Guide Chapter 04
- CCNA Study Guide Chapter 05
- CCNA Study Guide Chapter 06
- CCNA Study Guide Chapter 07
- CCNA Study Guide Chapter 08
- CCNA Study Guide Chapter 09
- CCNA Study Guide Chapter 10
- CCNA Study Guide Chapter 11
- CCNA Study Guide Chapter 12
- Cognos
- Computer Hardware
A
C
D
E
F
G
H
I
L
M
N
Entire site Copyright © 1999-2007 2000Trainers.com, all rights reserved.
Content on this site may not be copied or reproduced in any way without permission.
