General discussion

Locked

Best Practice for Setting Permissions

By heckfire ·
What is the best practice for setting folder permissions in NT 4? The network home drives have been created and I need access to many of the home drives, how should my NetAdmin efficiently and effectively set the permissions?

Thanks,

Michelle Post

This conversation is currently closed to new comments.

7 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

Best Practice for Setting Permissions

by Integrity In reply to Best Practice for Setting ...

The best way setup access rights to folders and files is to remember this:
UGLR (pronounced uglier)
Stands for User, Global, Local, Rights
Put a user into a Global group (if required), then put that Global group into a Local group, then assign Rights.
Do not assign rights to individual folders and files, reason being if a disaster happens and you need to reassign the permissions, it would be a nightmare, using the UGLR rule you only need to recreate the groups then reassign the permissions to them groups.

Also always make sure that once you have created all your users that rights (permissions) are accumulative, meaning that if a person is a member of two groups and have different rights to certain folders then the lowest access rights will be granted to maintain security, if the user who has write permissions to a file also belongs to a group who has only read permissions then READ permission is the effective right that he/she will have thus preventing him/her from writing to the file.

Also when you have created your users and groups make a back on a floppy using the rdisk /s command in DOS, this will backup the SAM with the rights, this can then be used to restore in the event of a disaster.

Hope this is of some assistance.

Collapse -

Best Practice for Setting Permissions

by heckfire In reply to Best Practice for Setting ...

The question was auto-closed by TechRepublic

Collapse -

Best Practice for Setting Permissions

by Magetower In reply to Best Practice for Setting ...

Answer 1 is correct except for the overlapping of permissions. The highest file permissions are used if the user belongs to more than one group with access to the files. If userA is in groupa with read only and groupb with read/write, userA will be able to read and write.

good luck...

Collapse -

Best Practice for Setting Permissions

by heckfire In reply to Best Practice for Setting ...

The question was auto-closed by TechRepublic

Collapse -

Best Practice for Setting Permissions

by BradleyMGX In reply to Best Practice for Setting ...

They're actually both right. You get specifically denied permission and unspecifically denied permision. Example:
If a user has Read permission by being a member of a Group, then they have unspecifically been denied Write Access. If they are then given Read and Write access in another Group then they have specified Write access and can now Write to that file/folder. If they are apart of another Group which specifies Denial of Write access then they now have specified denial of access to that file/folder.

I don't know if any meaning got through my long winded explanantion, but he's basically write as in adding users to groups and then giving permission to those groups is best practice.

Collapse -

Best Practice for Setting Permissions

by heckfire In reply to Best Practice for Setting ...

The question was auto-closed by TechRepublic

Collapse -

Best Practice for Setting Permissions

by heckfire In reply to Best Practice for Setting ...

This question was auto closed due to inactivity

Back to Windows Forum
7 total posts (Page 1 of 1)  

Related Discussions

Related Forums