Windows Server 2003 changes inherited permission settings
Source: Internet
Author: User
Keywordsnbsp; change 2003 used if
Active Directory provides a set of directory service features that centralize organization management and access to network resources. Active directory makes network topologies and protocols transparent to users so that users on the network can access any resource, such as a printer, without knowing the location of the resource and how it is connected to the network. &http://www.aliyun.com/zixun/aggregation/37954.html ">nbsp; Active directory is divided into areas for management, which allows it to store a large number of objects. Based on this structure, Active directory can be expanded as the enterprise grows. From a small business that has only one server that stores hundreds of objects, it expands to a large enterprise with thousands of servers that store millions of objects.
If the check box is dimmed when viewing permissions on an object, the object already inherits the permissions of the parent object. There are three ways to change inherited permissions:
changes to the parent object, and the child object inherits those permissions. Select the opposite permission (allow or deny) to overwrite the inherited permissions. Clears the Allow inheritable permissions for the parent to propagate to this object and all child objects. Include those items that are explicitly defined here check box. This allows you to change permissions or remove users or groups from the permissions list. However, the object will no longer inherit permissions from its parent object.
Note
If an object has an explicit Allow permission entry, the inherited Deny permission does not prevent access to the object. Explicit permissions have precedence over inherited permissions, even if they inherit the Deny permission.
On the Advanced page, a folder or subfolder to which permissions apply is listed in the Applies to column of permission entries. The Inherit from column lists the locations of the permissions that have been inherited.
You can use the Apply to field to select the folder or subfolder that you want to apply permissions to. If the special permissions item in user or group permissions is dimmed, it does not indicate that the permission has been inherited. This means that special permissions have been selected. Inheritance of Active Directory objects
For Active Directory objects, when you use the Apply to option to control inheritance, remember that not only the object specified in the Applies To field inherits the access control entry (ACE), but all child objects also receive a copy of the ACE. A child object that is not specified in the Applies To field will receive a copy of the ACE, but is not mandatory. If there are enough objects to get a copy of the ACE, the increased amount of data can cause serious network performance problems.
If you assign permissions to the parent object and you want the child objects to inherit these permission entries, you can ensure that all child objects have the same access control list (ACL) for the best performance. In the Windows Server 2003 family, Single-instance allows Active Directory to store only one copy of all the same ACLs. Create ACLs that many objects can use to maintain network performance.
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.