I'll answer the second question first: When assigning NTFS permissions to resources, I select the local Administrators group and the local System account with Full Control. I then select the appropriate control group or groups, or individual accounts (domain accounts) and set them with the appropriate permissions. I NEVER set control groups or individuals with Full Control. The highest permissions they get is Modify when appropriate. That prevents them from removing the local Administrators and/or System account (which breaks backup and recovery processes).
For the first question, the users see the permissions for all accounts that are permitted on the resource IF they see the security tab. With some share connections, users don't see the security tab, so they can't see the permissions at all. Kenneth W. (Ken) Adams, MCSA, MCSE -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rocky Habeeb Sent: Thursday, July 22, 2004 10:25 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] Renaming The Admin Account People, OK, I know you guys are the Experts and I know MS says, rename it, but tell me the answer to these questions please. Let's say you run NTFS permissions on your local PCs. Lets say your standards are (for EVERY FILE/FOLDER OBJECT ON THE PC): Full Control for Local Admin, Domain Admin and System. Modify for Everyone (At least where it is not a security risk). [1] What is displayed locally to the User (for Admin accounts) when they look at NTFS permissions on their file/folder objects? [2] What do you as the Admin select in the ACL, when you set new permissions for file/folder objects? Thanks RH ------------------------------------------------- Rocky Habeeb Microsoft Systems Administrator ------------------------------------------------- James W. Sewall Company Old Town, Maine ------------------------------------------------- 207.827.4456 habr @ jws.com www.jws.com ------------------------------------------------- List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
