[Previous] [Next]
Lesson 6: Solving Permissions Problems
When you assign or modify NTFS permissions to files and folders, problems might arise. Troubleshooting these problems is important to keep resources available to users.
After this lesson, you will be able to
- Troubleshoot resource access problems.
Estimated lesson time: 20 minutes
Troubleshooting Permissions Problems
Table 14.6 describes some common permissions problems that you might encounter and provides solutions that you can use to try to resolve these problems.
Table 14.6 Permissions Problems and Troubleshooting Solutions
Problem | Solution |
---|---|
A user can't gain access to a file or folder. | If the file or folder was copied, or if it was moved to another NTFS volume, the permissions might have changed.
Check the permissions that are assigned to the user account and to groups of which the user is a member. The user might not have permission or might be denied access either individually or as a member of a group. |
You add a user account to a group to give that user access to a file or folder, but the user still can't gain access. | For access permissions to be updated to include the new group to which you have added the user account, the user must either log off and then log on again, or close all network connections to the computer on which the file or folder resides and then make new connections. |
A user with Full Control permission to a folder deletes a file in the folder, although that user doesn't have permission to delete the file itself. You want to stop the user from being able to delete more files. | You have to clear the special access permission—the Delete Subfolders And Files check box—on the folder to prevent users with Full Control of the folder from being able to delete files in the folder. |
NOTE
Windows 2000 supports POSIX applications that are designed to run on UNIX. On UNIX systems, Full Control permission allows you to delete files in a folder. In Windows 2000, the Full Control permission includes the Delete Subfolders And Files special access permission, allowing you the same ability to delete files in that folder regardless of the permissions that you have for the files in the folder.
The following list provides best practices for implementing NTFS permissions. These guidelines will help you avoid permission problems.
Practice: Managing NTFS Permissions
In this practice, you will observe the effects of taking ownership of a file. Then you will determine the effects of permission and ownership when you copy or move files. Finally, you will determine what happens when a user, having the Full Control permission to a folder, has been denied all access to a file in that folder, and the user attempts to delete the file.
To successfully complete this practice, you must have completed "Practice: Planning and Assigning NTFS Permissions," in Lesson 3 of this chapter.
Exercise 1: Taking Ownership of a File
In this exercise, you will observe the effects of taking ownership of a file. To do this, you must determine permissions for a file, assign the Take Ownership permission to a user account, and then take ownership as that user.
Microsoft Windows 2000 displays the Owner Properties dialog box with the General tab active.
What are the current allowed permissions for Owner.txt?
Windows 2000 displays the Access Control Settings For Owner dialog box with the Permissions tab active.
Who is the current owner of the Owner.txt file?
Windows 2000 displays the Select User, Computer, Or Group dialog box.
Windows 2000 displays the Permission Entry For Owner dialog box.
Notice that all of the permission entries for User84 are blank.
The Access Control Settings For Owner dialog box with the Permissions tab displayed is once again active.
Windows 2000 displays the Owner Properties dialog box with the General tab active.
Windows 2000 displays the Security message box, indicating that you can view only the current security information on Owner.txt.
Windows 2000 displays the Owner Properties dialog box with the Security tab active.
Who is the current owner of Owner.txt?
Who is the current owner of Owner.txt?
The Owner Properties dialog box with the Security tab displayed is once again active.
In this exercise, you will see the effects of permissions and ownership when you copy and move folders.
What are the permissions that are assigned to the folder?
Who is the owner? Why?
What are the permissions for the folders that you just created?
Who is the owner of the Temp2 and Temp3 folders? Why?
Folder | Assign these permissions |
---|---|
Temp2 | Administrators: Full Control Users: Read & Execute |
Temp3 | Backup Operators: Read & Execute Users: Full Control |
Since this is a copy, C:\Temp2 and C:\Temp1\Temp2 should both exist.
Who is the owner of C:\Temp1\Temp2 and what are the permissions? Why?
What happens to the permissions and ownership for C:\Temp1\Temp3? Why?
In this exercise, you will grant a user Full Control permission to a folder but deny all permissions to a file in the folder. You will then observe what happens when the user attempts to delete that file.
Windows 2000 displays the Security dialog box with the following message:
You have denied everyone access to NoAccess.txt. No one will be able to access NoAccess.txt and only the owner will be able to change permissions. Do you wish to continue? |
Were you successful? Why or why not?
Were you successful? Why or why not?
How would you prevent users with Full Control permission for a folder from deleting a file in that folder for which they have been denied the Full Control permission?
Close all windows and log off Windows 2000.
When you assign or modify NTFS permissions for files and folders, problems might arise. Troubleshooting these problems is important to keep resources available to users. In this lesson, you learned some common permissions problems and some possible solutions to resolve these problems. In the practice exercises for this lesson, you determined the permissions for a file, assigned the Take Ownership permission to a user account, and then took ownership as that user. You also observed the effects of permissions and ownership when you copy and move folders. Finally, in these exercises you practiced assigning permissions to a folder and a file, and then you observed the results when a user has Full Control permission to a folder and has been denied all permissions to a file in that folder.