NTFS permission

Handian Sudianto 4,146 Reputation points
2023-03-31T06:07:57.7566667+00:00

Hello,

If one user belong to two AD group, let say user1 is member from group1 and group2.

Then we set ntfs permissions for group1 is read and write, but deny for group2.

If user 1 try to access to that file, which one will be win? deny or read/write?

Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
12,206 questions
0 comments
Accepted answer
  1. TP 77,231 Reputation points
    2023-03-31T06:31:56.6266667+00:00

    Hi,

    Deny takes precedence, so user1 will be denied access.

    The reason is, Deny entries are always ordered before Allow entries in the Discretionary Access Control List (DACL) on the object (file). When the system checks each Access Control Entry (ACE) and finds a trustee (user/group/etc.) that is part of the access token (this contains SIDs of trustees), it denies or allows access and stops checking any more of the ACEs in the DACL.

    If the above is helpful please click Accept Answer.

    Thanks.

    -TP

    1 person found this answer helpful.
    0 comments

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Deleted

    This answer has been deleted due to a violation of our Code of Conduct. The answer was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.

    Comments have been turned off. Learn more