NTFS & explicit permissions

[Daniel Weber]

Hello Everyone,

what must be done to give only Administrators and SYSTEM full access to a
NTFS partition and and few other users only (they access the partition via
virtuel FTP directories) access to one directory each?

I tried to give the partition root only full access for Administrators and
SYSTEM and each FTP-user full access for his directory only, but then each
FTP-user has access to all other FTP-users directories.

If I additionally deny full access in the partition root for the
FTP-Users-Group, then no FTP-users has access to his directory?

Bye & thanks in advance,
Daniel

 

[Trevor]

The "Deny" permission always takes precidence over
anything else. For example:

UserA belongs to GroupA

DirectoryA has the following assigned NTFS permissons:
UserA--Full Control
GroupA--Deny

The "Deny" permission takes precidence so UserA cannot
access DirectoryA.

To resolve assign the following NTFS permissions to
DirecotryA:
UserA--Full Control

**That's it. Do not assign the GroupA anything. If NTFS
permissions are not assigned explicitly, then users will
not have access.

Why then is there a DENY permission? See this example:

UserA belongs to GroupA

DirectoryA NTFS permissions are as follows:
GroupA--Full Control
UserA--Deny

**Even though GroupA has full control, and UserA is part
of that group, becuase Deny always takes precedence I can
single out this user from the group permission.

Hope that helps....

 

[Daniel Weber]

To resolve assign the following NTFS permissions to
DirecotryA:
UserA--Full Control

**That's it. Do not assign the GroupA anything. If NTFS
permissions are not assigned explicitly, then users will
not have access.

Thats what I tried first, but if I don't deny my FTP users the access, they
have access to all folders (altough they are not listed in any access list).

Bye,
Daniel