Home
Certification Preparation
Microsoft
MCTS / MCITP on Windows 2008 General
Permissions
epulone
Sorry for my basic question.
If I want to give permissions to read write or full controll etc... I just need to use the security tab from the properties of a resource and tick on allow. If I want to block the permission for an object ex: user or group I can use deny ....but removing the object from the list [group or users name] seems has the same effect >> no permission<<. Actually....what is the difference between the two actions?
Many Thanks
Find more posts tagged with
Comments
ptilsen
Deny takes precedent over allow. This has very significant impact. Say for example, user A is a member of groups 1 and 2. User B is a member of only group 1, and user B is a member of only group 2. Let's say you don't want user B to have access to a directory named confidential, which groups 1 and 2 both have access to. If you remove group 1 from the ACL of confidential, user B will no longer have access. User A will still retain access since the user is a member of group 2. If you deny group 1 access, User A will also be denied access since User A is a member of group 1.
For this reason, it is
usually
preferable
not
to deny objects rights, but rather to only grant rights to those objects which should have them.
epulone
Many thanks Ptilsen. Perfect
Quick Links
All Categories
Recent Posts
Activity
Unanswered
Groups
Best Of
