News:

Choose a design and let our professionals help you build a successful website   - ITAcumens

Main Menu

Configuring NTFS Permissions

Started by rishiberi, Feb 07, 2009, 06:19 PM

Previous topic - Next topic
Go Down Pages1

rishiberi

Feb 07, 2009, 06:19 PM
1. Using the Active Directory Users And Computers utility, create two users: Marilyn and

Dan. (See Chapter 3, "Managing Users, Groups, and Computers," for details on using the

Active Directory Users And Computers utility.) Deselect the User Must Change Password

At Next Logon option.

2. Using the Active Directory Users And Computers utility, create four global security groups:

Accounting, Execs, Sales, and Temps. Add Marilyn to the Accounting and Execs groups,

and add Dan to the Sales and Temps groups.

3. Select Start _ Windows Explorer. Expand the D:\Data folder you created in Exercise 5.1.

4. Right-click the Data folder, select Properties, and click the Security tab.

5. In the Security tab of the folder Properties dialog box, highlight the Users group and click

the Remove button. You see a dialog box telling you that you cannot remove Users because

it is inheriting permissions from a higher level. Click the OK button.

6. Click the Advanced button. Deselect the Allow Inheritable Permissions From The Parent To

Propagate To This Object And All Child Objects checkbox, and click Copy in the Security

dialog box in case you need to restore the permissions later. Click OK to exit the Advanced

Security Settings dialog box. Now remove the Users group from the Security tab of the

folder Properties dialog box.

7. Configure NTFS permissions for the Accounting group by clicking the Add button. In the

Select Users Or Groups dialog box, enter Accounting; Execs; Sales; Temps, and click

the OK button.

8. In the Security tab, highlight each group and check the Allow or Deny checkboxes to add

permissions as follows:

·          _ For Accounting, allow Read & Execute (List Folder Contents and Read will automatically be allowed) and Write.

·          _ For Execs, allow Read.

·          _ For Sales, allow Modify (Read & Execute, List Folder Contents, Read, and Write will automatically be allowed).

·          _ For Temps, deny Write.

9. Click the OK button to close the folder Properties dialog box.

10. You will see a Security dialog box cautioning you about the deny entry. Click the Yes

button to continue.

11. Log off as Administrator and log on as Marilyn. Access the D:\Data\Doc1 file, make

changes, and then save the changes. Marilyn's permissions will allow these actions.

12. Log off as Marilyn and log on as Dan. Access the D:\Data\Doc1 file, make changes, and then

save the changes. Dan's permissions will allow Dan to open the file but not to save any

changes.

13. Log off as Dan and log on as Administrator
Go Up Pages1