Why Microsoft made managing NTFS Permissions even more complex?
Вторник, 20 - Сентябрь - 2011 Оставьте комментарий
Working with Windows NT 5.0/5.1/5.2 (Windows 2000/XP/2003) systems for a quite long time, I am used to configure NTFS Permissions the way it was. However, the successor NT versions (2008/Vista/7) managed to unpleasantly surprise me. Let’s assume you want to re-configure an access to some particular NTFS folder. For example, the folder containing users’ home directories. This is the way it looks (with NTFS permissions attached) on one of my Windows Server 2003 R2 computers:
Also, let’s see an example of the same folder and its permissions on one of my Windows Server 2008 R2 machines:
Basically, folder permission configuration windows seem to look the same for both systems except for a safety catch, an Edit button. Let’s leave it under consideration if it is really useful. Next, I want to create new employee’s home directory called JohnDoe and need to configure individual permissions on it. To do this, I need to block upper level permission inheritance and add access for John. How easy are those two procedures to perform in Windows Server 2003?
To accomplish the task, I have spent 13 (thirteen) mouse clicks in 4 (four) dialog windows. All right, let’s try to achieve the required goal on Windows Server 2008 now? But there appears something really awesome:
This time, the identical configuration implementation required 17 (seventeen) mouse clicks in 6 (six) dialog windows. Nevertheless, there appears no any drastic improvement for security. From my side, this only makes security even more distant from people. Why do we need to perform so many actions? Was there any serious reason to make administrator’s job even more complex? Is there anyone who can explain why Microsoft made it that way?