[Esd-l] macro scanner: defang instead of refuse

Graham Dunn gdunn at inscriber.com
Wed Jun 5 08:12:00 PDT 2002

On Wed, Jun 05, 2002 at 08:00:12AM +0100, Graham Murray wrote:
> Kenneth Porter <shiva at well.com> writes:
> > As a *nix admin, I've always found sharing rights on Windows to be
> > highly non-intuitive, and sharing from a workstation seems to require
> > the creation of a user account for the client. So we have a public share
> > on the server with a directory for each user, and savvier users dump
> > things in a user's directory there and then send an email letting him
> > know it's there.
> You should not need to create an account on the workstation for each
> client. If you are using NTFS then you can give permissions, both to
> the share and to files within the shared directory, to individual
> domain users. This is actually much more fine grained that the *nix
> permission system. 

Actually, the MS "blessed" procedure is:

1. Create a global group containing the users you wish to access the
2. Create a local group on the workstation with the share.
3. Populate the local group with the global group from the first step.
4. Modify the ACL on the share to allow the local group access.

And NT share ACLs are not so fine grained, but NTFS ACLs are (5
properties vs the standard 3 for UFS). *shrug*

ObSanitizer: Is there any advantage to mangling office filenames
(do[tc],xls, etc) with the new Outlook "security" patches installed?


More information about the esd-l mailing list