home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
The CICA Windows Explosion!
/
The CICA Windows Explosion! - Disc 2.iso
/
nt
/
ntkb.zip
/
NTKB.EXE
/
Q102
/
3
/
39.TXT
next >
Wrap
Text File
|
1993-08-30
|
10KB
|
223 lines
DOCUMENT:Q102339 11-AUG-1993 [W_NTAS]
TITLE :INF: Permissions Comparison--NT AS vs. LAN Manager
PRODUCT :Microsoft Windows NT Advanced Server
PROD/VER:3.10
OPER/SYS:WINDOWS
KEYWORDS:
--------------------------------------------------------------------
The information in this article applies to:
- Microsoft Windows NT Advanced Server version 3.1
--------------------------------------------------------------------
SUMMARY
=======
This article discusses how file, directory, and printing permissions
compare between Windows NT Advanced Server and LAN Manager version
2.x.
MORE INFORMATION
================
File and Directory Permissions
------------------------------
On a LAN Manager for OS/2 system, you can control access to all files
and directories under the FAT, HPFS, or HPFS386 file systems. On a
Windows NT system, you can control users' access to directories and
files on drives formatted to use the Windows NT file system (NTFS).
Drives formatted to use FAT and HPFS do not support Windows NT
security. You can, however, secure Windows NT shared directories no
matter what file system is in use.
The standard permissions for files and directories and their meanings
are shown in the following tables, along with the individual
permissions each standard permission represents.
LAN
Manager NTFS Description
-----------------------------------------------------------------------
R Read (RX) User can read the contents of the
file and run it if it is an
application.
W
(Write) Change (RWXD) Lets the user open and write to a
file, changing its contents. Windows
NT allows deletion of the file.
D N/A Lets the user delete files.
(Delete)
X
(Execute) N/A Lets the user run a program, but
not read or copy it.
A N/A
(Change Attributes) Lets the user change file attributes.
P N/A
(Change Permissions) Lets the user grant permissions for
the file to other users.
Y Full Control (All) For LAN Manager, serves as a shortcut
(Yes) to RWCDA permissions. When you give a
user Y permission, you are granting
RWCDA permissions.
For Windows NT, enables user to read,
modify, delete, set permissions for,
and take ownership of the file.
N No Access Prevents a user from using the file
(No) or directory in any way, even if the
user is a member of a group that has
been granted access to the file. On
LAN Manager, Y access given to a user
overrides N access given to a group.
On Windows NT, deny access takes
precedence. For example, if a user
has Full Control access for a file,
but is a member of a group that has
No Access for the same file, access
is denied.
In the second column of the following table (for NTFS directory
permissions), the first set of individual permissions applies to the
directory itself, and the second set of individual permissions applies
to new files subsequently created in the directory.
Directory Permissions
---------------------
LAN
Manager NTFS Description
-----------------------------------------------------------------------
R Read (RX)(RX) User can read files in the
(Read) directory and run applications in
the directory.
W Change (RWXD)(RWXD) User can read and add files and
(Write) change the contents of current
files.
C Add A user with C permission can create
(Create) (WX) (Not Specified) a file and after creating it, can
read from or write to the file
until closing it.
Add & Read Add enables a Windows NT user to
(RWX) (RX) add files to the directory but not
to read the contents of current
files or change them.
Add & Read enables a user to add
files to the directory and read
current files, but not to change
any files.
D N/A Users can delete files and
(Delete) subdirectories within the shared
directory but cannot delete the
shared directory itself.
X N/A Lets the user run a program in the
(Execute) directory, but not read it or copy
it.
A N/A
(Change Attributes) Lets the user change the attributes
of files in the directory.
P N/A
(Change Permissions) The user can change the permissions
for the directory or files in the
directory.
Y Full Control
(Yes) (All)(All) For LAN Manager, serves as
shortcut to RWCDA permissions. When
you give a user Y permission, you
are granting RWCDA permissions.
User can read and change files, add
new ones, change permissions for
the directory and its files, and
take ownership of the directory and
its files.
N No Access
(No) (None)(None) Prevents a user from using the file
or directory in any way. Usually,
you can prevent a user from
accessing a file or directory
simply by not giving the user any
permissions to it; however, you
must use N permission to prevent a
specific user from accessing a file
while granting access to the file
or directory to a group the user
belongs to. For Windows NT, users
cannot access the directory in any
way, even if they have Full Control
access through membership in a
group.
N/A List (RX) User can only list the files and
(Not Specified) subdirectories in this directory and
change to a subdirectory of this
directory. User cannot access new
files created in this directory.
NOTE: Permissions on shared Windows NT directories that are not NTFS
are identical. Note that if a directory is both shared and on an NTFS
volume, permissions are cumulative over the network.
Printer Permissions
-------------------
LAN
Manager Windows NT
Printer Printer Descriptions/
Queue Permissions Differences
-----------------------------------------------------------------------
Y Print Users can send jobs to the printer
(Yes) queue.
N No Access Prevents a user from accessing the
(No) printer queue.
Y+P Full Control Users can send jobs to and set
(Yes+Change Permissions) access permissions for the printer
the printer queue. Users can print
documents, change print settings,
and completely manage documents
and printers.
N/A Manage Documents Users can pause, resume, restart,
delete, and control settings for
documents.
Additional reference words: 3.10 security ntas
KBCategory:
KBSubCategory: ntadsrv scrty
=============================================================================
THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS
PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS
ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES
OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO
EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR
ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL,
CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF
MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION
OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES
SO THE FOREGOING LIMITATION MAY NOT APPLY.
Copyright Microsoft Corporation 1993.