Does 'deny a user' always override 'allow everyone'

Malik

Distinguished
Jul 5, 2004
3
0
18,510
Archived from groups: microsoft.public.win2000.advanced_server (More info?)

I have a folder security setting as:

everyone: allow all
user bob : deny all

Will the 'deny user' rule always override anything else?. ie just because
'allow everyone' is enabled it is impossible for user bob to find a way to
access this folder?

TIA
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.advanced_server (More info?)

What I have noted from my MS training is that explicated" Deny "Rules All controls over a file or folder that means that if you check " Deny" that rules , if you leave a permissions (open) or un checked not Alloy or Deny Windows defaults to “Deny� . It errors toward tight security.
16bit


"Malik" wrote:

> I have a folder security setting as:
>
> everyone: allow all
> user bob : deny all
>
> Will the 'deny user' rule always override anything else?. ie just because
> 'allow everyone' is enabled it is impossible for user bob to find a way to
> access this folder?
>
> TIA
>
>
>
>
>
>
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.advanced_server (More info?)

"Malik" <me@privacy.net> wrote in message
news:1089019061.13429.0@nnrp-t71-02.news.uk.clara.net...
> I have a folder security setting as:
>
> everyone: allow all
> user bob : deny all
>
> Will the 'deny user' rule always override anything else?. ie just because
> 'allow everyone' is enabled it is impossible for user bob to find a way to
> access this folder?

Deny overides anything. Regardless of what permissions bob accumulates
through group membership. But. What if bob authenticates as a different
user? Consider an anonymous IIS account or Guest(if enabled)? All of a
sudden, bob isn't bob anymore.

>
> TIA
>
>
>
>
>
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.advanced_server (More info?)

Explicit deny overrides everything.

With the chain below, everyone but BOB could access whatever it is you secure
that way. However if you have any form of guest or anonymous access, BOB can
access the file through some other method than using his userid.

joe

--
Joe Richards Microsoft MVP Windows Server Directory Services
www.joeware.net



Malik wrote:
> I have a folder security setting as:
>
> everyone: allow all
> user bob : deny all
>
> Will the 'deny user' rule always override anything else?. ie just because
> 'allow everyone' is enabled it is impossible for user bob to find a way to
> access this folder?
>
> TIA
>
>
>
>
>