ntfs

Differences

This page shows the differences between two versions.

ntfs [2025/03/13 13:45]
jango
ntfs [2025/05/20 08:23] (current)
admin
Zeile 1: Zeile 1:
-<code powershell> +NTFS (New Technology File System) ist ein proprietäres Dateisystem von [[Microsoft]] für alle Betriebssysteme der Windows-NT-Reihe (ab 1993).
-$str = Get-NTFSAccess \\fileserver\gbi\it-security | convertto-json +
-$obj = $str | convertfrom-json +
-#$obj #| select-object @{Name=\""Account\""; Expression = { $_.Account.AccountName } },@{Name=\""AccessRights\""; Expression = { ((Get-NTFSAccess \\fileserver\gbi\it-security -Account $_.Account.AccountName).AccessRights) } },IsInherited,InheritedFrom+
  
-$obj | foreach-object { +<box red>Beim Erstellen von Berechtigungen immer auf das Dropdown "Applies To" beachten und genau planen worauf Berechtigungen angewendet werden sollen!</box> 
-    $acc = $_.Account.AccountName + 
-    $rights = ((Get-NTFSAccess \\fileserver\gbi\it-security -Account $_.Account.AccountName).AccessRights+Die effektivsten Berechtigungen eines Users ergeben sich aus der Kombination aller Gruppenund Benutzerberechtigungen.  
-    Write-output "$($_.FullName);$($acc);$($rights);$($_.IsInherited);$($_.InheritedFrom -replace 'UNC''\')" + 
-} +<box green>Wenn ein Benutzer Schreibrechte hat aber über eine Gruppenmitgliedschaft Leserechte bekommt, dann darf er trotzdem schreibenAußer du verbietest es explizit mit einer "Deny" (Verweigern) Regel.</box>  
-</code>+ 
 +Eine "Deny" Regel ist stärker als eine "Allow" (Erlauben) Regel. 
 + 
 +{{ntfs-permissions-gui.png}} 
 + 
 +  * **Enable/Disable Inheritance**: Übernimmt alle **übergeordneten, vererbbaren Berechtigungen** auf den aktuell bearbeiteten Container. 
 +  * **Replace all Child Objects...**: Überträgt die Vererbungen (einmalig?auch auf untergeordnete Container 
 + 
 +=====Basic Permissions===== 
 + 
 +^ Permission ^ Meaning for Folders ^ Meaning for Files ^ 
 +| **Read**              | Permits viewing and listing of files and subfolders                                                         | Permits viewing or accessing of the file’s contents               | 
 +| **Write**             | Permits adding of files and subfolders                                                                      | Permits creating files and writing to a file                                         | 
 +| **Read & Execute**    | Permits viewing and listing of files and subfolders as well as executing of filesinherited by files and folders | Permits viewing and accessing of the file’s contents as well as executing the file | 
 +| **List Folder Contents** | Permits viewing and listing of files and subfolders as well as executing of filesinherited by folders only | N/A                                                               | 
 +| **Modify**            | Permits reading and writing of files and subfoldersallows deletion of the folder                           | Permits reading, writing and renaming of the fileallows deletion of the file | 
 +| **Full Control**      | Permits readingwriting, changing, and deleting of files and subfolders                                    | Permits reading, writing, changing, and deleting of the file       | 
 + 
 + 
 +=====Extended Permissions=====
  
 ^Permission^Read^Write^List folder content^Read & Execute^Modify^Full Control^ ^Permission^Read^Write^List folder content^Read & Execute^Modify^Full Control^
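Review bot: the added sentence 'Eine "Deny" Regel ist stärker als eine "Allow" (Erlauben) Regel.' holds only between entries of the same origin. An explicit Allow set directly on an object takes precedence over an inherited Deny, so the sentence and the green box above it should say that explicit entries are evaluated before inherited ones. The 'Replace all Child Objects...' bullet still carries the open question 'einmalig?'; resolve it before publishing rather than leaving the doubt in the page. The 'Enable/Disable Inheritance' bullet describes only the enabling case and should also state what disabling does to the entries that were inherited so far.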
Zeile 26: Zeile 42:
 |Take ownership| | | | | |X| |Take ownership| | | | | |X|
  
-^ Permission            ^ Meaning for Folders                                                                                         ^ Meaning for Files                                                ^ 
-| **Read**              | Permits viewing and listing of files and subfolders                                                         | Permits viewing or accessing of the file’s contents               | 
-| **Write**             | Permits adding of files and subfolders                                                                      | Permits writing to a file                                         | 
-| **Read & Execute**    | Permits viewing and listing of files and subfolders as well as executing of files; inherited by files and folders | Permits viewing and accessing of the file’s contents as well as executing the file | 
-| **List Folder Contents** | Permits viewing and listing of files and subfolders as well as executing of files; inherited by folders only | N/A                                                               | 
-| **Modify**            | Permits reading and writing of files and subfolders; allows deletion of the folder                           | Permits reading and writing of the file; allows deletion of the file | 
-| **Full Control**      | Permits reading, writing, changing, and deleting of files and subfolders                                    | Permits reading, writing, changing, and deleting of the file       | 
  
   * **Traverse Folder / Execute File** - Traverse Folder allows or denies moving through folders to reach other files or folders, even if the user has no permissions for the traversed folders (applies to folders only). Execute File allows or denies running program files (applies to files only).   * **Traverse Folder / Execute File** - Traverse Folder allows or denies moving through folders to reach other files or folders, even if the user has no permissions for the traversed folders (applies to folders only). Execute File allows or denies running program files (applies to files only).
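Review bot: the table removed here is not a pure move, because the copy re-added under 'Basic Permissions' differs in two file cells: Write changes from 'Permits writing to a file' to 'Permits creating files and writing to a file', and Modify gains 'renaming'. State that in the edit summary so the content change is not hidden inside a relocation. With the table gone, the extended-permission matrix ending at 'Take ownership' runs straight into the 'Traverse Folder / Execute File' list; a one-line lead-in saying that the bullets define the rows of the matrix would help the reader.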
Zeile 47: Zeile 56:
   * **Change Permissions** - Allows or denies changing permissions of the file or folder, such as Full Control, Read, and Write.   * **Change Permissions** - Allows or denies changing permissions of the file or folder, such as Full Control, Read, and Write.
   * **Take Ownership** - Allows or denies taking ownership of the file or folder. The owner of a file or folder can always change permissions on it, regardless of any existing permissions that protect the file or folder.   * **Take Ownership** - Allows or denies taking ownership of the file or folder. The owner of a file or folder can always change permissions on it, regardless of any existing permissions that protect the file or folder.
 +
 +=====Share Permissions=====
 +
 +Die effektiven Berechtigungen werden aus SMB (Share) Berechtigungen und NTFS Berechtigungen ermittelt. Dabei **gelten die restriktivsten Berechtigungen**.
 +
 +=====NTFS-Security=====
 +
 +Siehe auch [[NTFSSecurity]]
 +
 +<code powershell>
 +$str = Get-NTFSAccess \\fileserver\gbi\it-security | convertto-json 
 +$obj = $str | convertfrom-json
 +$obj | foreach-object {
 +    $acc = $_.Account.AccountName
 +    $rights = ((Get-NTFSAccess \\fileserver\gbi\it-security -Account $_.Account.AccountName).AccessRights)
 +    Write-output "$($_.FullName);$($acc);$($rights);$($_.IsInherited);$($_.InheritedFrom -replace 'UNC', '\')"
 +}
 +</code>
  
 =====Links===== =====Links=====
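Review bot: the script's Write-output line has columns for FullName, account, rights, IsInherited and InheritedFrom but none for whether the entry is Allow or Deny, which matters on a page that says Deny overrides Allow; add the entry's type to the output. $rights comes from a second Get-NTFSAccess call filtered only by -Account, so an account with more than one entry on the path gets all of its rights repeated on every one of its rows; read the rights from the entry being iterated instead, and reconsider whether the convertto-json / convertfrom-json round trip is needed at all. The path \\fileserver\gbi\it-security is hard-coded twice and should be a single variable. In the 'Share Permissions' paragraph, say explicitly that the combination with share permissions applies to access over the share, since local access is governed by NTFS permissions alone.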
ntfs.1741869907.txt.gz · Last modified: 2025/03/13 13:45 by jango