[prev in list] [next in list] [prev in thread] [next in thread]
List: cifs-protocol
Subject: [cifs-protocol] Questions regarding 7.1.3.1 ACE Ordering Rules
From: Nadezhda Ivanova <nadezhda.ivanova () postpath ! com>
Date: 2010-04-15 13:21:30
Message-ID: D64B961AF971DE11A6EB0022195CDF3692C507 () saasmb1 ! saasbg ! com
[Download RAW message or body]
Hello,
I was running some test against a Windows 2008 server, forest functional level and \
domain functional level are both 2008. I created a group via LDAP and provided a \
security descriptor with ACE's deliberately scrambled - e.g Deny before Allow, Object \
Specific before Regular. I did not get an LDAP error, the group was successfully \
created, but the SD looked the way I provided it, that is, not according to the rules \
described in this section. Can you explain why this happens? What behavior should I \
expect, is Windows supposed to sort them, return an error, or sort them later, or \
when a recalculate hierarchy request is sent?
In addition:
What is ACE canonical form?
In the sentence: "The nest rule is only applied if the previous rule(s) give \
inconclusive results" - what would constitute an inconclusive result?
Best Regards,
Nadya
_______________________________________________
cifs-protocol mailing list
cifs-protocol@cifs.org
https://lists.samba.org/mailman/listinfo/cifs-protocol
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic