It's probably not a good idea for you to leave things the way they are by default when you initiate sharing of a file or folder, Adesh reminds us.
Got a Windows secuity tip? Why not send it in? We'll post
Windows 2000 uses an inheritance permission model that can be a useful feature for administrators. With this inherited permission (or the inheritance model), all folders or subfolders can inherit the security permissions from their parent folder or root drive. For example, if a folder is created on the root of drive C:, then this folder will inherit the permissions from the C: drive. If a subfolder is then created, this subfolder will inherit the permissions from the main folder (parent folder).
There may be instances where a subfolder is created and the user may not want the permission to be inherited from the parent folder. Clearing the box, "Allow inheritable permissions from parent to propagate to this object," can do this. This breaks the normal inheritance link between this subfolder (child) and its parent, and the subfolder no longer dynamically inherits permissions from its parent.
When would you want to do that? Well, suppose you create a folder that contains some configuration drivers on your workstation. These drivers may be needed when you go to another workstation to configure a device, and they are on a shared drive to which others have access, So you can get to them easily from other machines when you need them. but you don't want to allow others to get to these particular files. Here's what you can do:
- Right click on the folder. Select Properties.
- Open the Security tab and uncheck the Allow inheritable Permissions from Parent to propagate to this object.
- You will get the following options:
- Copy button: copies permissions from the parent to the child.
- Remove button: Removes all the permissions inherited from the parent and keeps the permissions specified afterwards.
- Cancel button: closes the dialog box without doing anything.
- To apply specific permissions, select the Remove button. This ensures that only accounts included will have access to this folder.
- Remove the Everyone account. (This should be done automatically.)
- Then apply the necessary accounts and permissions that will have access to this folder.
Adesh Rampat has 10 years experience with network and IT administration. He is a member of the Association of Internet Professionals, the Institute for Network Professionals and the International Webmasters Association. He has also lectured extensively on a variety of topics.
This was first published in October 2001