Task 5.5: Implementing a Deny Group
It may be important to be able to lock a collection of users out of certain sensitive content. This can be accomplished by building the chain of granting rights and permissions: The User Account (A) gets added to the Global Group (G), the Global Group gets added to the Domain Local Group (DL), and Permissions (P) get granted to the Domain Local Group—AGDLP. In this case, you’ll be granting the NTFS Deny Full Control permission to the Domain Local Group (DLG).
The Deny permission is all-powerful and overrules any collection of Allow permissions.
Scenario
You are responsible for the security of your information systems. You have a new folder with sensitive content that should not be viewed by the Widget Production ...
Get Security Administrator Street Smarts: A Real World Guide to CompTIA Security+™ Skills, Third Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.