Why does Cindy have modify rights?
One share, with Everyone: Full permission on the share
NTFS security: Group1 Modify; Group2 Read access

User Cindy is a member of Group1 and Group2.
Should Cindy just have read access to this share, since the most restrictive
permission applies? But when I test Cindy on effective permissions, it shows
that Cindy has modify rights?

Can anyone share insights?
July 30th, 2015 3:00pm

NTFS permissions alone are cumulative (Least Restrictive). 

Cindy will have both (Read and Modify). 

It is most restrictive when taking into account Share 'AND' NTFS permissions.

So when coming in a share

   Share permissions apply first

   Then NTFS

   Most Restrictive between the Share permissions and the NTFS Permissions

   Then NTFS is combined as long as it does not exceed the Share permissions.

Link that may help.

https://technet.microsoft.com/en-us/library/Cc754178.aspx?f=255&MSPPError=-2147217396

The below link is a pretty decent write up

http://www.basvankaam.com/2013/06/15/share-vs-ntfs-permissions/





July 30th, 2015 3:05pm

Hi John,

Thanks for your post.

Vaadadmin gives a good explanation about NTFS and Share Permissions. And in your scenario, that user Cindy has both Read and Modify permissions. She will have the modify permission since she is in Group1. Read access is restricted for the member in Group2. For Cindy, her explicit allow permission is modify permission and read permission. If you were talking about using Deny permissions, the precedence of permissions comes into play.

You could also refer to the article for more reference.

https://technet.microsoft.com/en-us/magazine/2006.01.howitworksntfs.aspx

Best Regards,

Mary Dong

July 31st, 2015 1:02am
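
The rules described in the replies above, as an added example that is not part of the original thread: a small Python model that unions the Allow entries matching the user's groups, strips Deny bits, and then intersects the share result with the NTFS result. The mask values are the .NET `FileSystemRights` values; the share-level mapping, the principal sets and the ACL lists are constructed for illustration, and every entry is treated as explicit, so a Deny always wins (real ACLs also weigh inherited against explicit entries).

```python
# Access masks use the .NET FileSystemRights values (Synchronize bit omitted).
LEVELS = {"FullControl": 0x1F01FF, "Modify": 0x301BF,
          "ReadAndExecute": 0x200A9, "Read": 0x20089, "Write": 0x116}
# Assumption for this model: share levels map onto the NTFS masks above.
SHARE_LEVELS = {"Full": LEVELS["FullControl"], "Change": LEVELS["Modify"],
                "Read": LEVELS["ReadAndExecute"]}


def combine(aces, principals, table):
    """Union the Allow entries that match the user's token, then strip Deny bits.
    Simplification: every entry is treated as explicit, so Deny always wins."""
    allow = deny = 0
    for who, kind, level in aces:
        if who not in principals:
            continue
        if kind == "Deny":
            deny |= table[level]
        else:
            allow |= table[level]
    return allow & ~deny


def effective(share_aces, ntfs_aces, principals):
    """Access through the share is the share mask ANDed with the NTFS mask."""
    share = combine(share_aces, principals, SHARE_LEVELS)
    ntfs = combine(ntfs_aces, principals, LEVELS)
    return share & ntfs


def describe(mask):
    """Name the highest standard level fully contained in the mask."""
    for name in ("FullControl", "Modify", "ReadAndExecute", "Read"):
        if mask & LEVELS[name] == LEVELS[name]:
            return name
    return "None"


# Constructed data matching the scenario in the question.
CINDY = {"Cindy", "Group1", "Group2", "Everyone"}
NTFS = [("Group1", "Allow", "Modify"), ("Group2", "Allow", "Read")]
SHARE_FULL = [("Everyone", "Allow", "Full")]
SHARE_READ = [("Everyone", "Allow", "Read")]          # tighter share, for contrast
NTFS_DENY = NTFS + [("Group2", "Deny", "Write")]      # Deny case, for contrast

if __name__ == "__main__":
    for label, share, ntfs in (("share Full", SHARE_FULL, NTFS),
                               ("share Read", SHARE_READ, NTFS),
                               ("Deny Write", SHARE_FULL, NTFS_DENY)):
        print(label, "->", describe(effective(share, ntfs, CINDY)))
```
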
