|
ACLs are hard!
|
# ¿ Jun 17, 2016 19:42 |
|
|
# ¿ May 10, 2024 07:24 |
|
Shaggar posted:the way permissions work is correct because each item needs a security descriptor otherwise the client has to compute it from parent descriptors every time. i'm p sure the documents and other "special" shell folders are just defined by the contents of the desktop.ini file within, still. it's not a special folder attribute or anything, just data read from a file within the container so yeah, you could cause that by having some idiotic folder redirection setting that put everyone's "document" folders in the same place, rather than the bog standard of giving each profile a subfolder based on the username
|
# ¿ Jun 17, 2016 21:06 |
|
online friend posted:it sucks, actually. yeah it gobbles a large one, and yet it's better than all the alternatives
|
# ¿ Jun 17, 2016 21:08 |
|
error1 posted:The idiotic folder redirection is built right into AD, actually lmao. what's it like back in 2004? you know there's going to be a black president in four years? crazy right? but seriously, that thing in ad is legacy as hell, you don't use that for a user profile or shell folders unless you want poo poo to break. you use folder redirection via gpo to map the profile folder to a unc path or if you have RDS/VDI use user profile disks like shaggs said aslong as you don't override the defaults and push everyone's documents folder into the same location what was described simply doesn't happen and windows handles the appropriate folder ACLs on its own
|
# ¿ Jun 17, 2016 21:58 |
|
i don't know what the hell you're using that doesn't support unc paths but functions properly on windows 7, but it probably sucks
|
# ¿ Jun 17, 2016 22:05 |
|
Shaggar posted:Linux users: "you cant, like, own data man. security is bad!" literally RMS.txt
|
# ¿ Jun 19, 2016 19:52 |
|
lmao nice how does that show up for used space on the volume?
|
# ¿ Jun 19, 2016 20:53 |
|
yeah, they're still a popular hiding place for malware, since you can execute code from them too. for a while in the xp days av scanners wouldn't check for alternate streams
|
# ¿ Jun 19, 2016 21:24 |
|
|
# ¿ May 10, 2024 07:24 |
|
wait, so you want to worsen performance during the most common use case to improve it for occasional admin tasks? how frequently are you touching acls anyway? everything should be defined with security groups, you're not fiddling with permissions for individual accounts
|
# ¿ Jun 24, 2016 17:15 |