views:

79

answers:

1

In trying to answer a question regarding a folder that a program can write to on any version of windows by limited users, i suggested FOLDERID_ProgramData and FOLDERID_PublicDocuments. However, it would seem that not everyone has access to this folder, despite their purpose (ostensibly) being to allow anything to write to them. Why?

+1  A: 

I think the idea is that the file owner is given full permissions on those directories, and he can then set who has access to the file.

I'll just try it out now...

...scratch that.

It seems the main set of permissions for regular users is given via the NETWORK and INTERACTIVE built-in security groups. The permissions are tied to the network location of the user (logged in locally or from the network). This is in contrast to the usual practice of granting permissions to the Users and/or Domain Users group.

This also explains why when I tried testing the effective permissions for some user, I got nothing back. (Only the administrator had explicitly defined permissions.)

mdma

related questions