Matthieu,
Your summary is a good recap of what we have done on this topic. I have
one clarification for the point below.
* All ACE for allowed object are wipped out when translating AD ACL
to File ACL
When translating a ACL for DS object to a ACL for SYSVOL file object,
Hi Matthieu,
With regards of the OI and CI flags, we always set those flags on if the ACE
type is any of the following 3 types:
ACCESS_ALLOWED_ACE_TYPE
ACCESS_DENIED_ACE_TYPE
SYSTEM_AUDIT_ACE_TYPE
This is hardcoded.
I'll provide you with the answer to your other question soon.
Thanks and
On 04/12/2009 23:00, Sebastian Canevari wrote:
Hi Matthieu,
Just a clarification to ask you for:
We are discussing with Hongwei and the PGs if it is that you are seeing GPMC expect
the inheritance to happen OR if it is that you are dumping the ACLs and seeing the
flags always.
What I
Hello sebastian
And last but not least question, it seems that GPMC whats to have OI and CI flags on every
ACL entries is it due to the presence of the SDDL_AUTO_INHERITEDcontrol in
the SDDL ?
Any news on this ?
More exactly my question is why this flag appear on each ACE ?
Also do you
Hi Matthieu,
We are still actively working on this and I do have the PG engaged.
Please accept my apologies if we are delaying a little longer than expected. I
guess we can say that the holidays affected the timing a little without trying
to use that as an excuse.
I'll keep you posted as soon
Hi Matthieu,
I'll be working with you on these questions.
I will keep you updated.
Thanks!
Sebastian
Sebastian Canevari
Senior Support Escalation Engineer, US-CSS DSC PROTOCOL TEAM
7100 N Hwy 161, Irving, TX - 75039
Las Colinas - LC2
Tel: +1 469 775 7849
e-mail: seba...@microsoft.com
Hi Hongwei,
I received your answer and it looks very interesting. I have to correct
the implementation so that ACL on folder are correctly set.
I hope to be able to do it next week. Once it's done I'll tell you about
the results.
Regards.
Matthieu.
On 10/29/2009 05:31 AM, Hongwei Sun wrote:
Matthieu,
I keep receiving the message from our e-mail server about the undeliverable
e-mail to one of the address(cifs-protocol@cifs.org), which is in your original
e-mail. In order to make sure you receive the email, I just forward it again.
If you already received it, please let me