Categories
Welcome Center
Education & Development
Discussions
Certification Preparation
Recent Posts
Groups
Free Resources
Ebooks
Free Workshops
Trending Certifications Infographic
Infosec Training
IT & Security Training
Live Boot Camps
Security Awareness Training
About Infosec Institute
Home
Certification Preparation
Microsoft
Permissions
epulone
Sorry for my basic question.
If I want to give permissions to read write or full controll etc... I just need to use the security tab from the properties of a resource and tick on allow. If I want to block the permission for an object ex: user or group I can use deny ....but removing the object from the list [group or users name] seems has the same effect >> no permission<<. Actually....what is the difference between the two actions?
Many Thanks
Find more posts tagged with
Save $250 on 2025 certification boot camps from Infosec!
Book now with code EOY2025
Button
Comments
ptilsen
Deny takes precedent over allow. This has very significant impact. Say for example, user A is a member of groups 1 and 2. User B is a member of only group 1, and user B is a member of only group 2. Let's say you don't want user B to have access to a directory named confidential, which groups 1 and 2 both have access to. If you remove group 1 from the ACL of confidential, user B will no longer have access. User A will still retain access since the user is a member of group 2. If you deny group 1 access, User A will also be denied access since User A is a member of group 1.
For this reason, it is
usually
preferable
not
to deny objects rights, but rather to only grant rights to those objects which should have them.
epulone
Many thanks Ptilsen. Perfect
Quick Links
All Categories
Recent Posts
Activity
Unanswered
Groups
Best Of
INFOSEC Boot Camps
$250
OFF
Use code
EOY2025
to receive $250 off your 2025 certification boot camp!
BROWSE BOOT CAMPS
