ACL / SDs

[John E. Malmberg]

Elrond <Elrond at Wunder-Nett.org> wrote:
> Off Topic: Does anyone know free nice tools to show and
> change SDs unter NT? One that can even handle the order
> would be interesting.

The SDs changed with Windows NT 4.0 SP4.  The new format is honored by NT
4.0 SP4, but the tools for manipulating the new features are only supplied
with Windows 2000.

Basically they added the ability to force inheritance of SDs from the parent
directory.

There is supposed to be a tool on the either the NT4.0 SP4 CD-ROM or later,
and it may be downloadable from the Microsoft site that adds the ability to
manipulate the settings from the command line or the GUI.

I do not have the exact name of it with me at the moment, but it is in the
knowlege base because it is needed to repair the permissions on NT 4.0
sometimes.


> BTW: How is that all on VMS? (They keep telling, it's
> derived from VMS.) I'm only a bit curious, so you don't
> need to get into details, some two/three general lines
> would be great.

In VMS, the order that the RIGHTS IDENTIFIERS are assigned to a USERNAME,
and the order that the ACEs are assigned ACL in a resource are important.

VMS first checks access through the (s:rwed, o:rwed, g:rwed, w:rwed) bits.
If this access is denied, then the ACL is checked.

The access is denied or granted based on the first match from scanning the
ACEs on the resource against the RIGHTS IDENTIFERS assigned to a USER.

In addition to the ACEs that grant or deny access, there are ACEs for many
purposes, including Default Protection, Alarms, and User Defined.

(Sorry four paragraphs)

The VMS documentation for all of this can be found at a link from
http://www.openvms.digital.com/ for those inclined to look up the gory
details.

-John
wb8tyw at qsl.net