DOCUMENT:Q98174 30-JUL-2001 [lanman] TITLE :Setting/Checking Inherited vs. Explicit Permissions PRODUCT :Microsoft LAN Manager PROD/VER: OPER/SYS: KEYWORDS: ====================================================================== SUMMARY ======= This article explains how to recognize inherited versus explicit permissions and discusses how each can be set. MORE INFORMATION ================ To determine if a file or directory has an ACL on it, or is just getting permissions from its parent, do the following: From the command line, use the "NET ACCESS d:\path" or "NET ACCESS d:\path\filename" command. The backslash (\) after the colon in the drive letter is required as a part of the proper syntax of the command. A net2222 means that no ACL is applied directly to that directory or file. There is a possibility that you will get the resource name listed but with no assigned permissions. This indicates that there was once an ACL associated with the resource but that it was removed at some point in time with the Revoke or Revoke All option under Zoom in the View Permissions dialog box of View, Shared Resources. The same result will occur if the command line "NET ACCESS /revoke username" is used for the only user with permissions for that resource. In NET ADMIN initial screen, choose View then Shared Resources, and select a sharename. Next, choose View Permissions, then select the directory or file you want information on and select Zoom. If the "Use default permissions" box is checked, the directory or file you selected is inheriting permissions from a higher level. If you use the Permit Tree option of the View Permissions dialog box under View, Shared Resources, then explicit permissions will be applied to all subdirectories under the Permit Tree point. These permissions will not be applied to the files in these directories. If you use the Revoke Tree option of the View Permissions dialog box under View, Shared Resources, then all implicit and explicit permissions will be removed from the point at which you did the Revoke Tree and the tree below it. If this is done, a "NET ACCESS ..." on any part of the tree will produce a net2222. If you assign an explicit permission for a user or group to a resource when implicit permissions already exist, then one of two changes will be made. If this is done by selecting Permit in the View Permissions dialog box of View, Shared Resources, then the implicit permissions will be converted to explicit permissions and the new explicit permission will be added. If "NET ACCESS /add :" is used, then the implicit permissions will be removed, leaving only the permissions specified in the "NET ACCESS ..." command applied to the resource. Additional query words: 2.10 2.10a 2.20 ====================================================================== Keywords : ============================================================================= THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY. Copyright Microsoft Corporation 2001.