Tony, Rich,

Is what is shown below the answer Rich did not get from Tony?

jorge

________________________________
From: [EMAIL PROTECTED] on behalf of Tony Murray
Sent: Thu 2006-01-12 23:07
To: [email protected]
Subject: RE: [ActiveDir] File Permissions: Deny vs. Allow

Could this be an explanation?:

"In most cases, Deny overrides Allow unless a folder inherits conflicting settings from different parents. In this situation, the setting that is inherited from the parent that is closest to the object in the subtree has precedence."

http://support.microsoft.com/default.aspx?scid=kb;en-us;308418&sd=tech

Tony

________________________________
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ahmed Al-Awah
Sent: Friday, 13 January 2006 10:41 a.m.
To: '[email protected]'
Subject: [ActiveDir] File Permissions: Deny vs. Allow

Hi all,

I'm hoping someone can help explain a situation I came across recently.

I have a global security group that has been denied access to a specific network drive (a folder on a server). However, certain members within the global security group are able to access the drive. After some research I found that the global group was a "member of" a domain local group with access to the drive in question. When the group was removed from the domain local group (but were still members of the global group) the said users were no longer able to access the drive.

File permissions, as I understand them, are designed such that deny permissions will always override allow permissions but in this case it seems that this is not the case, hence my confusion.

P.S.: Just as an FYI, the global group and domain local group are located in different OUs but are part of the same domain.

Any clarifications on why this is happening are appreciated.

Thanks,
Ahmed
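The precedence rule quoted from the KB article can be checked with a small model. The following is an added example, not part of any message in this thread: a simplified simulation of how a DACL is ordered and walked (explicit entries first, then inherited entries by nearest parent, deny before allow at each level). The group names, the single READ bit and the two ACL layouts are constructed assumptions, and the second layout is only one arrangement that would match the behaviour described in the original question.

```python
from dataclasses import dataclass

READ = 0x1  # constructed single access bit, not a real Windows access mask

@dataclass(frozen=True)
class Ace:
    kind: str     # "deny" or "allow"
    trustee: str  # group or user name standing in for a SID
    mask: int
    depth: int    # 0 = explicit on the object, 1 = from parent, 2 = from grandparent

def canonical_order(dacl):
    """Explicit ACEs first, then inherited ones by nearest parent; deny before allow per level."""
    return sorted(dacl, key=lambda a: (a.depth, a.kind != "deny"))

def access_check(token_groups, dacl, desired):
    """Walk the ordered ACEs; the first decisive entry wins. True if all desired bits are granted."""
    remaining = desired
    for ace in canonical_order(dacl):
        if ace.trustee not in token_groups:
            continue  # ACE does not apply to this caller
        if ace.kind == "deny" and ace.mask & remaining:
            return False  # a still-needed bit is denied before anything granted it
        if ace.kind == "allow":
            remaining &= ~ace.mask
            if remaining == 0:
                return True  # everything requested was granted; later ACEs are never read
    return False  # no ACE granted the remaining bits: implicit deny

# Constructed tokens: the user's groups with and without the nesting from the question.
NESTED = {"user1", "GlobalGroup", "DomainLocalGroup"}
UNNESTED = {"user1", "GlobalGroup"}

# Layout 1: deny and allow set at the same level, so deny sorts first.
SAME_LEVEL = [Ace("allow", "DomainLocalGroup", READ, 0),
              Ace("deny", "GlobalGroup", READ, 0)]
# Layout 2: deny inherited from the grandparent, allow inherited from the closer parent.
CONFLICTING_PARENTS = [Ace("deny", "GlobalGroup", READ, 2),
                       Ace("allow", "DomainLocalGroup", READ, 1)]

if __name__ == "__main__":
    print("same level, nested:        ", access_check(NESTED, SAME_LEVEL, READ))
    print("closer allow, nested:      ", access_check(NESTED, CONFLICTING_PARENTS, READ))
    print("closer allow, nesting gone:", access_check(UNNESTED, CONFLICTING_PARENTS, READ))
```

Comparing the explicit and inherited entries on the folder against this ordering shows which entry is reached first for a given user.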
