O'Reilly logo

Windows Vista Security: Praxisorientierte Sicherheit für Profis by Marcus Nasarek

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Controlling Access to Your Data
|
391
5. Type the name of a user or a group account. Click Check Names and then do
one of the following:
If a single match is found for each entry, the dialog box is automatically
updated as appropriate and the entry is underlined.
If multiple matches are found, you’ll see an additional dialog box that allows
you to select the name or names you want to use, and then click OK.
If no matches are found, you’ve probably entered an incorrect name. Mod-
ify the name in the Name Not Found dialog box and then click Check
Names again.
6. Configure permissions for each user and group you added by selecting an
account name and then allowing or denying access permissions as appropriate.
7. Click OK to save your settings.
Removing basic permissions
You can remove a user or group’s basic permissions by following these steps:
1. In Windows Explorer, right-click the file or folder you want to work with and
then select Properties.
2. In the Properties dialog box, select the Security tab. The “Group or user names”
list shows all users and groups with basic permissions for the selected file or folder.
3. Click Edit to open an editable view of the Security tab in a new dialog box.
4. Click the existing user or group whose permissions you want to remove, and
then click Remove.
5. Click OK to save your changes.
Special Permissions
Each basic permission is actually a set of special permissions. Because of this, when-
ever you allow or deny a basic permission, Windows Vista works behind the scenes
to manage the related special permissions for you. Table 11-2 lists the special permis-
sions related to each basic permission.
Table 11-2. Basic permissions and the related special permissions
Basic permission Related special permissions
Read List Folder/Read Data
Read Attributes
Read Extended Attributes
Read Permissions
392
|
Chapter 11: Securing and Sharing Your Data
Viewing and modifying existing special permissions
You can view and set special permissions for a file or a folder by completing the fol-
lowing steps:
1. In Windows Explorer, right-click the file or folder you want to work with and
then select Properties.
2. In the Properties dialog box, select the Security tab and then click Advanced. In
the “Advanced Security Settings for” dialog box, shown in Figure 11-5, the per-
missions are presented much as they are on the Security tab. The key difference
is that you now have additional advanced options.
3. On the Permissions tab, click Edit. This opens an editable view of the Permis-
sions tab in a new dialog box.
4. Click the existing user or group whose permissions you want to modify, and
then click Edit. This displays an editable “Permission Entry for” dialog box (see
Figure 11-6). If any permissions are shaded (unavailable), they are being inher-
ited from a parent folder. You can override the inherited permission, if neces-
sary, by selecting the opposite permission, such as Deny rather than Allow.
5. To modify existing permissions, use the Allow and Deny columns in the Permis-
sions For list. Select checkboxes in the Allow column to add permissions, and
clear checkboxes to remove permissions.
Read & Execute or List Folder Contents All special permissions for Read listed previously
Traverse Folder/Execute File
Write Create Files/Write Data
Create Folders/Append Data
Write Attributes
Write Extended Attributes
Modify All special permissions for Read listed previously
All special permissions for Write listed previously
Delete
Full Control All special permissions listed previously
Delete Subfolders and Files
Change Permissions
Take Ownership
Table 11-2. Basic permissions and the related special permissions (continued)
Basic permission Related special permissions
Controlling Access to Your Data
|
393
6. To prevent a user or a group from using a permission, select the appropriate
checkbox in the Deny column. Denied permissions have precedence over other
permissions.
7. Click OK to save your changes.
Adding new special permissions
You can add new special permissions to a file or folder by completing the following
steps:
1. In Windows Explorer, right-click the file or folder you want to work with and
then select Properties.
2. In the Properties dialog box, select the Security tab and then click Advanced.
This opens the “Advanced Security Settings for” dialog box.
3. On the Permissions tab, click Edit. This opens an editable view of the Permis-
sions tab in a new dialog box.
Figure 11-5. Working with advanced permissions

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required