CIST2411CHAPTER 14NOTESI.Security Principle: Managing Permissions a.Permissions i.Privileges granted to users, groups, and computers –allow them to access a resource. ii.Four permission systems: 1.NTFS permissions 2.Share permissions 3.Registry permissions 4.Active Directory permissions b.Understanding the Windows Permission Architecture i.Permissions are stored in an Access Control List (ACL) 1.Collection of individual permissions, in the form of access control entries (ACEs). 2.Manage permissions - Security tab of the element’s Properties dialog boxc.Understanding Basic and Advanced Permissions i.Basic Permissions 1.Security tab - permissions you are seeing are called basic permissions. 2.Basic permissions are combinations of advanced permissions, which provide the most granular control over the element. d.Allowing and Denying Permissions i.When you assign permissions to a system element, you are, in effect, creating a new ACE in the element’s ACL.1.There are two basic types of ACEs: a.Allow b.Deny ii.This makes it possible to approach permission management tasks from two directions: 1.Additive 2.Subtractive e.Inheriting Permissions i.Permissions tend to run downwards through a hierarchy, in other words Crap rolls downhill.