Four basic principles of Windows XP permissions settings
In Windows XP, permission management follows four basic principles: deny takes precedence over allow, minimization of permissions, accumulation, and permission inheritance. These four principles play a very important role when setting permissions. Let's take a look at each:
1. Deny takes precedence over allow
The "deny takes precedence over allow" principle is a very important and fundamental principle. It cleanly resolves the permission conflicts that arise from a user's membership in several user groups. For example, "shyzhong" is a user who belongs to both the "shyzhongs" user group and the "xhxs" group. When we assign "write" permission on a resource to the "xhxs" group as a whole (that is, to the user group), the "shyzhong" account in that group automatically has the "write" permission.
Strangely, though, the account clearly has "write" permission for this resource, so why can't it write in practice? It turns out that a permission for this resource was also set on the "shyzhongs" group, and that permission is "deny write". Under the "deny takes precedence over allow" principle, the "deny write" that "shyzhong" receives from the "shyzhongs" group is applied in preference to the "allow write" received from the "xhxs" group. Therefore, in actual work, the "shyzhong" user cannot "write" to this resource.
2. Principle of Minimizing Permissions
Windows XP treats "keep each user's permissions to a minimum" as a basic principle, and this is very necessary. The principle ensures maximum security for resources: as far as possible, resources that users must not access or have no need to access are effectively restricted through permission assignment.
Based on this principle, in actual permission assignment we must explicitly allow or deny operations on a resource. For example, the newly created restricted user "shyzhong" has no permissions on the "DOC" directory by default. If this user now needs "read" permission on the "DOC" directory, you must add the "read" permission for the "shyzhong" user in the permissions list of the "DOC" directory.
3. Permission inheritance principle
The permission inheritance principle makes it easier to set permissions for resources. Suppose there is a directory "DOC" containing subdirectories such as "DOC01", "DOC02" and "DOC03", and you now need to give the user "shyzhong" the "write" permission on the DOC directory and its subdirectories. Because of the inheritance principle, you only need to set the
4. Accumulation principle
This principle is easier to understand. Suppose a user belongs to both the "A" user group and the "B" user group; the user's permission in the "A" group is "read" and the permission in the "B" group is "write". Then, according to the accumulation principle, the user's actual permissions are both of them: "read" + "write".
Clearly, the "deny takes precedence over allow" principle is used to resolve conflicts between permission settings; the "minimization of permissions" principle is used to secure resources; the "permission inheritance" principle is used to "automate" the application of permission settings; and the "accumulation" principle makes permission settings more flexible. Each of these principles is useful, and the lack of any one of them would cause a lot of trouble when setting permissions!
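The four principles can be combined into one small model. This is an added example, not part of the original article and not the Windows access-check algorithm itself (it ignores the order of entries in the list); the resource names "RES" and "AB" and the user "userab" are constructed, the other names follow the article.

```python
# Simplified model of the article's four principles (illustrative only).
# Constructed sample data: users, groups and per-directory permission lists.
GROUPS = {
    "shyzhong": {"shyzhongs", "xhxs"},
    "userab": {"A", "B"},
}

# path -> list of (principal, "allow" | "deny", right)
ACLS = {
    "RES": [("xhxs", "allow", "write"), ("shyzhongs", "deny", "write")],
    "AB": [("A", "allow", "read"), ("B", "allow", "write")],
    "DOC": [("shyzhong", "allow", "write")],  # set once on the parent
}


def entries_for(path, acls):
    """Inheritance: collect entries set on the path and on every parent."""
    parts = path.split("/")
    found = []
    for depth in range(1, len(parts) + 1):
        found += acls.get("/".join(parts[:depth]), [])
    return found


def effective_rights(user, path, acls=ACLS, groups=GROUPS):
    """Return the set of rights the user actually holds on path."""
    principals = {user} | groups.get(user, set())
    allowed, denied = set(), set()
    for principal, kind, right in entries_for(path, acls):
        if principal not in principals:
            continue
        if kind == "allow":
            allowed.add(right)   # accumulation: allows from all groups add up
        else:
            denied.add(right)    # remembered so it can override any allow
    # Deny takes precedence over allow; with no matching entry the result
    # is the empty set (minimization: nothing is granted implicitly).
    return allowed - denied


if __name__ == "__main__":
    for user, path in [("shyzhong", "RES"), ("userab", "AB"),
                       ("shyzhong", "DOC/DOC01"), ("userab", "DOC")]:
        print(user, path, sorted(effective_rights(user, path)))
```
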
Note: In Windows XP, all members of the "Administrators" group have the "Take Ownership" right; that is, members of the Administrators group can "seize" ownership from other users. For example, the restricted user "shyzhong" creates a DOC directory and grants the read permission only to himself. This seemingly thorough permission setting does not hold up, because every member of the "Administrators" group can obtain this permission by taking ownership.