Information Technology Reference
In-Depth Information
set the standard Read & execute and Write permissions on the folder, and then set the Delete
special permission to apply to subfolders and files only.
Subfolders and files are configured to inherit permissions by default; however, as with Active
Directory objects, permission inheritance can be disabled. If you need to remove permissions
from a file or folder, you must disable inheritance first. You can add new ACEs or add permis-
sions to an existing ACE with inheritance enabled, but you can't remove inherited permissions.
To disable permission inheritance, open the Advanced Security Settings dialog box for an object
and clear the “Include inheritable permissions from this object's parent” option (see Figure 6-11).
When you disable inheritance, you're prompted to copy the previously inherited permissions or
remove all permissions. In most cases, copying the permissions is best so that you have a start-
ing point from which to make changes. The “Replace all existing inheritable permissions on all
descendants with inheritable permissions from this object” option, also in the Advanced Security
Settings dialog box, forces the current folder's child objects to inherit applicable permissions. If
a child object has inheritance disabled, this option reenables it.
Figure 6-11
The Advanced Security Settings dialog box
Activity 6-8: Examining Default Settings
for Volume Permissions
Time Required:
10 minutes
Objective:
Examine default permission settings on a volume.
Description:
You want a solid understanding of which permissions are inherited by files and fold-
ers created on a new volume.
1. Log on to your server as Administrator, if necessary.
2. Open Windows Explorer, and right-click the
QData
volume and click
Properties
. Click the
Security
tab.
3. Click each ACE in the volume's DACL. You might need to scroll the Permission for Users
list box to see the special permissions entry.
Search WWH ::
Custom Search