Order of evaluation of permissions on objects in active directory

S

Shaon Arpitha

I created two users, user1 and user2. I assigned user1 'allow write personal information' permission over user2. Then, I added user1 to a groupa. I assigned groupa 'deny write personal information' permission over user2. Now, by the order of ACE permissions evaluation I found in a microsoft website which is : 1. Explicit deny 2. Explicit allow 3. Inherited deny 4. Inherited allow, user1 must be able to write the country name of user2, right? But, I found that user1 cannot do that. Could you please explain if there's something wrong with my understanding?

Continue reading...
 
You must log in or register to reply here.

Similar threads

I
What Are the Implications of Removing SYSTEM Account Permissions on Active Directory Users and Computers (ADUC) snap in ?
Replies
0
Views
49
IT Researcher007
I
L
There is a weird username in my permissions and it has control over some of my files and i can't remove it or do anything with it please help
Replies
0
Views
150
LPFEN
L
A
Azure Storage File Access security issue on AD joined windows - Failed to enumerate objects in the container. Access is denied.
Replies
0
Views
278
AkbarKarimi
A
Y
  • Article
The most personal Windows 11 experience begins rolling out today
Replies
0
Views
150
Yusuf Mehdi, Corporate Vice President &#38
Y
B
NAS drive permissions problem
Replies
0
Views
213
bigdogevan
B
Back
Top Bottom