Lesson 3: Solving Permissions Problems

Previous page
Table of content
Next page

When you assign or modify NTFS permissions to files and folders, problems might arise. Troubleshooting these problems is important to keep resources available to users.

After this lesson, you will be able to

  • Troubleshoot resource access problems

Estimated lesson time: 5 minutes

Troubleshooting Permissions Problems

Table 3.7 describes some common permissions problems that you might encounter and the solutions you can use to try to resolve them.

Table 3.7 Permissions Problems and Troubleshooting Solutions

Problem Solution
A user can't gain access to a file or folder. If the file or folder was copied, or if it was moved to another NTFS volume, the permissions might have changed.

Check the permissions that are assigned to the user account and to groups of which the user is a member. The user might not have permission or might be denied access either individually or as a member of a group.
You add a user account to a group to give that user access to a file or folder, but the user still can't gain access. For access permissions to be updated to include the new group to which you have added the user account, the user must either log off and then log on again, or close all network connections to the computer on which the file or folder resides and then make new connections.
A user with Full Control permission to a folder deletes a file in the folder, although that user doesn't have permission to delete the file itself. You want to stop the user from being able to delete more files. You must clear the special access permission—the Delete Subfolders And Files check box—on the folder to prevent users with Full Control of the folder from being able to delete files in the folder.

NOTE

Windows 2000 supports POSIX applications that are designed to run on UNIX. On UNIX systems, Full Control permission allows you to delete files in a folder. In Windows 2000, the Full Control permission includes the Delete Subfolders And Files special access permission, which also allows you to delete files in that folder regardless of the permissions that you have for the files in the folder.

Avoiding Permissions Problems

The following is a list of best practices for implementing NTFS permissions. These guidelines will help you avoid permission problems.

  • Assign the most restrictive NTFS permissions that still enable users and groups to accomplish necessary tasks.
  • Assign all permissions at the folder level, not at the file level. Group files in a separate folder for which you want to restrict user access, and then assign that folder restricted access.
  • For all application-executable files, assign Read & Execute and Change Permissions to the Administrators group, and assign Read & Execute to the Users group. Damage to application files is usually the result of accidents and viruses. By assigning Read & Execute to users and Read & Execute and Change Permissions to administrators, you can prevent users or viruses from modifying or deleting executable files. To update files, members of the Administrators group can assign Full Control to their user account to make changes and then reassign Read & Execute and Change Permissions to their user account.
  • Assign Full Control to the CREATOR OWNER group for public data folders so that users can delete and modify files and folders that they create. Doing so gives the user who creates the file or folder (CREATOR OWNER) full access to only the files or folders that he or she creates in the public data folder.
  • For public folders, assign Full Control to the CREATOR OWNER group and Read and Write to the Everyone group. This gives users full access to the files that they create, but members of the Everyone group can only read files in the folder and add files to the folder.
  • Use long, descriptive names if the resource will be accessed only at the computer. If a folder will eventually be shared, use folder and filenames that are accessible to all client computers.
  • Allow permissions rather than deny permissions. If you don't want a user or group to gain access to a particular folder or file, don't assign permissions. Denying permissions should be an exception, not a common practice.

Lesson Summary

When you assign or modify NTFS permissions for files and folders, problems might arise. Troubleshooting these problems is important to keep resources available to users. In this lesson, you learned about some common permissions problems and some possible solutions to resolve these problems.


Previous page
Table of content
Next page
MCSE Training Kit(c) Microsoft Windows 2000 Accelerated 2000
MCSE Training Kit(c) Microsoft Windows 2000 Accelerated 2000
ISBN: N/A
EAN: N/A
Year: 2004
Pages: 244
BUY ON AMAZON
The New Solution Selling: The Revolutionary Sales Process That Is Changing the Way People Sell [NEW SOLUTION SELLING 2/E]
An Introduction to Design Patterns in C++ with Qt 4
Microsoft WSH and VBScript Programming for the Absolute Beginner
What is Lean Six Sigma
DNS & BIND Cookbook
User Interfaces in C#: Windows Forms and Custom Controls
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy