Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-Microsoft
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Share and NTFS permissions

from [Jim Harrison] Network Security [Permanent Link]
Subject: RE: Share and NTFS permissions
Date: Tue, 9 Jan 2007 06:14:04 -0800 
That's exactly what "owner" implies.
The resource belongs to them and they have the ability to do what they
will with it.

-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com]
On Behalf Of Monrad.DC@Forces.gc.ca
Sent: Friday, January 05, 2007 10:24 AM
To: focus-ms@securityfocus.com
Subject: RE: Share and NTFS permissions

We have found an issue with giving full rights to the share:
        The NTFS file owner can still change permissions.

The creator of a file is the owner and has the ability to change NTFS
permissions on that file/folder, regardless of what the existing NTFS
rights are!
This allows the file creator to alter the permissions either blocking
access or giving excess permissions.

A solution in this case is to create the share with Everyone( or
Authenticated Users/Given group...) Change rights and Administrators
FULL Control.  NTFS is then set as desired.  Limiting the share to
Change prevents the owner from modifying NTFS rights if accessing the
file through the share, but leaves everything else.

Drew Monrad 

All mail to and from this domain is GFI-scanned.
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Deploying Microsoft SMS in a DMZ, Securi Net
Next by Date:  RE: Share and NTFS permissions, M. Burnett
Previous by Thread:  RE: Share and NTFS permissions, Monrad . DC
Next by Thread:  RE: Share and NTFS permissions, M. Burnett
Indexes:  [Date] [Thread] [Top] [All Lists]