Share via

NTFS permission

Handian Sudianto 6,101 Reputation points
2023-03-31T06:07:57.7566667+00:00

Hello,

If one user belong to two AD group, let say user1 is member from group1 and group2.

Then we set ntfs permissions for group1 is read and write, but deny for group2.

If user 1 try to access to that file, which one will be win? deny or read/write?

Windows for business | Windows Server | User experience | Other
0 comments
Accepted answer
  1. TP 125.7K Reputation points Volunteer Moderator
    2023-03-31T06:31:56.6266667+00:00

    Hi,

    Deny takes precedence, so user1 will be denied access.

    The reason is, Deny entries are always ordered before Allow entries in the Discretionary Access Control List (DACL) on the object (file). When the system checks each Access Control Entry (ACE) and finds a trustee (user/group/etc.) that is part of the access token (this contains SIDs of trustees), it denies or allows access and stops checking any more of the ACEs in the DACL.

    If the above is helpful please click Accept Answer.

    Thanks.

    -TP

    1 person found this answer helpful.
    0 comments

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Deleted

    This answer has been deleted due to a violation of our Code of Conduct. The answer was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.

    Comments have been turned off. Learn more

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.