If you make a network connection to a box, both share and local NTFS permissions are enforced and your effective permissions will be the LESSER of the two. If you are logged on locally to a server, then the share permissions will be ignored and your effective permissions will be the NTFS permissions.
One side point, if you are logged on locally to the server and use a shared drive that points back to the same box, then share permissions will be applied. That's an easy way to check them without needing a second box. -----Original Message----- From: Kern, Tom [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 05, 2004 7:35 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] OT: riddle me this it was share permissions. he had full control on the ntfs level, but only read on the share. my question is- i thought ntfs permissions beat out share permissions when there is a conflict? -----Original Message----- From: Joe Pochedley [mailto:[EMAIL PROTECTED] Sent: Tuesday, May 04, 2004 4:45 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] OT: riddle me this Sounds like you've got NTFS permissions covered, but have you checked the share permissions? Joe Pochedley Weiler's Law - Nothing is impossible for the man who doesn't have to do it himself. -----Original Message----- From: Kern, Tom [mailto:[EMAIL PROTECTED] Sent: Tuesday, May 04, 2004 3:44 PM To: ActiveDir (E-mail) Subject: [ActiveDir] OT: riddle me this I have a devloper who is running visual source safe and has had issues since day one logging in(to VSS). The app just uses its own internal db of users for auth, not AD. However the files reside on an ntfs share. Here's my confusion- I put this devloper into the domainadmins group as a test. he cannot change the attributes of files from read-only to read. He gets an access denied error. He cannot create files in a dir he has been given explicit access(full control). still gets an access denied. I've tried from different machines from win2k sp4 to winxp sp1 and still the same issue. The files and dirs reside on a AD win2k dc. We are a win2k mixed mode domain. could an account have gotten corrupted or screwed? and how could i tell? running ethereal when he connects only gives me what I know- smb nt file access denied. what the heck is going on here? thanks List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
