Denials effect all groups and users instead of the one their assigned to.

  • Thread starter Thread starter Tom
  • Start date Start date
T

Tom

Denials effect all groups and users instead of the
one their assigned to. Is there any switch that controls
this?

Thanks in advance,

Tom
 
I am administrator (user name Tom) a member of
Administrators, and Power Users. When I put a deny on
user name Carrie, a member of Users only, the deny
affects me, too, no matter which deny I do it still
effects me.

Thank You,

Tom
 
On what resource? Is this folder restriction or some operating system
restriction that you would like to setup...
 
In this case you don't have to put denial permission. (I wouldn't do it --
specially not on Users group since everyone created on the PC will be part
of that group by default...). Try to stay away from deny.

Remember this rule!!!
***
On WinodwsXP most restrictive group will prevail. So if you have full access
on a resource as a member of Administrator group and deny access as a member
of Users group you will be denied access to this resource.
****

Best practice is (would be):
- remove everyone from the folder permission
- give users that need to access this folder appropriate permission (Read,
Write, ...)
(- give administrator full control in case there is no one else with full
control)

This (if setup properly) will deny user "Carrie" access to the folder...
 
You mean that even though I don't have users as my
group, I am still a member of Users by default?

Thank you,

Tom
 
You are not a member of Users group only if you have removed yourself from
the group. By default any new user created on the system will first be
member of User group. Then you can add him to another groups and e.g. remove
him from Users group...

Open your account properties and check Member of tab. If shows Users group
then you are still a member. If you are still a member then setting deny on
a folder will also effect you even if you are also in Administrator and
Power user group...
 
When I go into the "Tom Properties" screen to the
members of tab, it says Administrators and Power Users
only. It does not say Users. But, when I deny Users, it
affects my user. That is the problem.

Thanks for working with me on this,

Tom

P.S. How would I open the "account" properties?
 
Did you put any allow permissions on this folder that you would like to
restrict access to? Did you remove Everyone permission from the folder?

You can open your account properties by e.g. right click My Computer ->
Manage -> Local Users and Groups -> Users -> double click on user e.g.
"mike" ...

Mike
 
That is the way I did it, I just didn't know the
term "account" in the PC frame of reference.

Once again this is a test of a more elaborate
security scheme. But, I have to have denial capibility,
and my first test of it for Users applied to non-User
accounts. I need to know deny works and how to deny
Users, without having it affect Power Users or
Administrators.

My test was set up like this:

Folder1
Folder2
File2
File1

On Folder1 I unchecked the inherit box. Then I
allowed "Tom" full control and I denied Users full
control.

But, I was surprised to find that "Tom" couldn't
even view the contents of Folder1.

Do you have any ideas?

Thank You,

Tom
 
I did it the way you described it and it works for me as it should... It
allowed me full access and denied access to the other user...

What have you done with everyone permission on the folder in your tests?
Why do you need deny permission? Personally I try to stay away from it as
much as possible. There are always other options to block user's access...

Mike
 
I'm sorry, but I had to go yesterday.

So, what is not working correctly with my system.
Why does deny on the User group take away my access to
the files? My origional question.

Thanks for helping,

Tom
 
Back
Top