Security Administrator Street Smarts: A Real World Guide to CompTIA Security+™ Skills, Second Edition

5.5. Task 5.5: Implementing a Deny Group

It may be important to be able to lock a collection of users out of certain sensitive content. This can be accomplished by building the chain of granting rights and permissions: User Account (A) gets added to the Global Group (G), the Global Group gets added to the Domain Local Group (DL), and Permissions (P) get granted to the Domain Local Group, AGDLP. In this case, you'll be granting the NTFS Deny Full Control permission to the Domain Local Group (DLG).

The Deny permission is all-powerful and overrules any collection of Allow permissions.

5.5.1. Scenario

You are responsible for the security of your information systems. You have a new folder with sensitive content that should not be viewed by the Widget ...

Get Security Administrator Street Smarts: A Real World Guide to CompTIA Security+™ Skills, Second Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Security Administrator Street Smarts: A Real World Guide to CompTIA Security+™ Skills, Second Edition by David R. Miller, Michael Gregg

5.5. Task 5.5: Implementing a Deny Group

5.5.1. Scenario

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly