First of all sorry about posting a question regarding Win2k server on NT board but I didn't see a Win2k board. I have a departmental share setup on a Win2k member server. Kept the share at the default and locked down with NTFS permissions. The problem is that I have subfolders set to modify access for the appropriate groups as I want but Modify seems to leave a big hole in my Folder security. For example,(Folder B)with only the follwing permissions set: Administrators w/Full control and GroupBhas Modify access. "Modify" - as you know -doesn't allow "Change Permissions" according to the Security Config Editor. However, members of GroupB can create a folder/file in FolderB and grant access to anyone they want. Even though this newly permitted user can't browse to the resource (using Network N'hood, etc) because they are blocked higher up, they can reach the new resource via a UNC directly to the resource to which they have been granted access by a member of GroupB. I want users to be able to create folders/files in their group folders but I don't want them to be able to bypass security on the folders by granted access to others. If modify doesn't allow "change permissions" why are they able to do this.
Thanks
This conversation is currently closed to new comments.
modify the ntfs permissions on the shares you want to protect, On the security tab set to allow inheritable permissions from parent folder. This such keep the same permission in the sub-folders.
If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.
File permissions - Win2k server
I have a departmental share setup on a Win2k member server. Kept the share at the default and locked down with NTFS permissions. The problem is that I have subfolders set to modify access for the appropriate groups as I want but Modify seems to leave a big hole in my Folder security. For example,(Folder B)with only the follwing permissions set: Administrators w/Full control and GroupBhas Modify access. "Modify" - as you know -doesn't allow "Change Permissions" according to the Security Config Editor. However, members of GroupB can create a folder/file in FolderB and grant access to anyone they want. Even though this newly permitted user can't browse to the resource (using Network N'hood, etc) because they are blocked higher up, they can reach the new resource via a UNC directly to the resource to which they have been granted access by a member of GroupB. I want users to be able to create folders/files in their group folders but I don't want them to be able to bypass security on the folders by granted access to others. If modify doesn't allow "change permissions" why are they able to do this.
Thanks