There are four basic principles for permissions in Windows XP. You should pay attention to these basic principles when setting NTFS permissions. We still need to pay special attention to the various permission settings of Windows XP.
A basic strategy and principles for setting NTFS permissions
In Windows XP, there are four basic principles for the management of permissions: rejection is better than the permissive principle, the principle of minimization of permissions, the principle of accumulation and the inheritance of permissions. The principle of sex. These four basic principles will play a very important role in the setting of permissions. Let's take a look at it:
1 Rejection is better than the allowed principle
"Principle is a very important and fundamental principle. It can perfectly handle the "disputes" caused by the user's attribution in the user group. For example, the user "shyzhong" belongs to the "shyzhongs" user group. Belongs to the “xhxs” user group. When we assign a “write” permission to a resource in the “xhxs” group (that is, for the user group), the “shyzhong” account in the group will automatically have “this time”. Write permission.
But what is strange is that the "shyzhong" account clearly has the "write" permission for this resource. Why can't it be executed in actual operation? Originally, in the "shyzhongs" group, the "shyzhong" user was also given permission settings for this resource, but the set permission was "reject write". Based on the principle of "rejection is better than allowed", the permission of "shyzhong" to be "rejected to write" in the "shyzhongs" group will be executed in preference to the permitted "write" permission granted in the "xhxs" group. Therefore, in actual operation, the "shyzhong" user cannot perform a "write" operation on this resource.
2 Principle of Permission Minimization
It is very necessary for Windows XP to implement "Keeping the user's minimum permissions" as a basic principle. This principle ensures maximum security for resources. This principle can try to limit the resources that users can't access or need to access without effective permissions.
Based on this principle, in the actual authority assignment operation, we must explicitly give the resource permission to allow or deny the operation. For example, the new restricted user "shyzhong" in the system does not have any permission to the "DOC" directory by default. Now you need to give this user permission to "read" the "DOC" directory, then you must be in " Add "Read" permission to the "shyzhong" user in the permission list of the DOC" directory.
3 Permissions Inheritance Principles
The Permissions Inheritance principle makes it easier to set permissions for resources. Suppose now that there is a "DOC" directory. There are subdirectories such as "DOC01", "DOC02", "DOC03" in this directory. Now you need to set "shyzhong" for the DOC directory and its subdirectories. "Permissions. Because of the inheritance principle, you only need to set the "write" permission for the "shyzhong" user of the "DOC" directory. All subdirectories under it will automatically inherit the settings of this permission.
4 Accumulation Principle
This principle is better understood, assuming that the “zhong” user now belongs to both the “A” user group and the “B” user group, and its permissions in the A user group. Is "read", the permission in the "B" user group is "write", then according to the accumulation principle, the actual authority of the "zhong" user will be "read + write".
Obviously, the "rejection is better than allowed" principle is used to resolve conflicts in permission settings; the "permission minimization" principle is used to secure resources; the "permission inheritance" principle is used for "Automation" performs permission settings; and "Accumulate principle" makes the setting of permissions more flexible. Several principles are useful, and the lack of one will bring a lot of trouble to the setting of permissions!
Note: In Windows XP, all members of the "Administrators" group have the "Take Ownership" right, that is, members of the Administrators group can "capture" from other users. The power of its identity, such as the restricted user "shyzhong", establishes a DOC directory and only gives itself the right to read. This seemingly thoughtful permission setting, in fact, all members of the "Administrators" group will be able to "capture" Ownership" and other methods get this permission.
We often download the unknown file that the system does not recognize. For this kind of file, everyo
We often encounter some good webpages when browsing the webpage, or we often collect these webpages
Although xp is about to enter the age of aging, its value is something we cant ignore. Its personali
After using the computer for a few years, there will always be some problems. Especially the compute
Win XP operating system image production skills big release
Introducing the window xp system/2000 system little-known security command
How to add text on the page title of WinXP system?
Win xp system loopholes are not small How to avoid
Why can't the system run any application?
Some techniques for manually disabling USB flash drive
How to solve Windows XP support DX10 problem
Reinstall Windows XP Experience Skills Large Inventory
I deleted the file by mistake. I don't need to change the file before the modification.
Reinstalling WinXP Experience Skills Large Inventory
Win10 official version of the basic stereotype into the problem repair phase
Burn music CDs with Windows XP
Full-scale combat Win XP firewall
How to synchronize Windows settings on Win8 old and new computers
Windows Vista Frequently Asked Questions and Solutions
Microsoft released Win10 consumer version: Win7 free upgrade
Dealing with "phishing", the IE 6 anti-phishing plugin to help
Win10 clears the glacial Trojan virus method
Win10 upgrade error error code 0x8024001e solution
Speed up the system by turning off virtual memory in Vista