Basic Strategies and Principles for Setting NTFS Permissions in WinXP (2)

4 Accumulation Principles

This principle is better understood, assuming that the "zhong" user now belongs to both the "A" user group and the "B" User group, its permission in the A user group is "read", and the permission in the "B" user group is "write", then according to the accumulation principle, the actual authority of the "zhong" user will be "read + Write "two.

Obviously, the "rejection is better than allowed" principle is used to resolve conflicts in permission settings; the "permission minimization" principle is used to secure resources; the "permission inheritance" principle is used for "Automation" performs permission settings; and "Accumulate principle" makes the setting of permissions more flexible. Several principles are useful, and the lack of one will bring a lot of trouble to the setting of permissions!

Note: In Windows XP, all members of the "Administrators" group have the "Take Ownership" right, that is, members of the Administrators group can "capture" from other users. The power of its identity, such as the restricted user "shyzhong", establishes a DOC directory and only gives itself the right to read. This seemingly thoughtful permission setting, in fact, all members of the "Administrators" group will be able to "capture" Ownership" and other methods get this permission.

5 file permissions to override the permissions of the folder

Looks like the document has such a, do not know if the document version is too old, the individual file permissions will be prioritized by the system Fortunately, it looks like

Two permissions other

1 Cancel the "Everyone" full control permission

Select the file or folder to cancel the permission, right click and select the property, in "Security" Find the ACE of "Everyone" in the ACL under the tab, select Edit, and remove the checkmark before the "Full Control" permission.

2 The effect of copying and moving folders on permissions

In the application of permissions, it is inevitable that the resources after setting the permissions need to be copied or moved, then this time How will the corresponding permissions of the resource change? Let's take a look at it:

(1) When copying resources

When copying resources, the permissions of the original resources will not change, and the newly generated resources will inherit their target location parent. Permissions for resources.

(2) When moving resources

When moving resources, there are generally two situations. First, if the movement of resources occurs in the same drive, the object retains its original Permissions are unchanged (including the permissions of the resource itself and the permissions originally inherited from the parent resource); second, if the movement of the resource occurs between different drives, not only the permissions of the object itself will be lost, but also from the parent resource. Inherited permissions are also replaced by permissions inherited from the parent resource at the target location. In fact, the move operation is the first operation to copy the resource and then delete the resource from the original location.

(3) Non-NTFS Partitions

The above changes in permissions when copying or moving resources are only for NTFS partitions, if you copy or move resources to non-NTFS partitions (such as FAT16) /FAT32 partition), then all permissions will be automatically lost.