1 00:00:00,797 --> 00:00:03,082 Permissions, in this lesson we are going 2 00:00:03,082 --> 00:00:05,508 to talk more specifically about permissions. 3 00:00:05,508 --> 00:00:07,616 But not necessarily the read, write, and execute 4 00:00:07,616 --> 00:00:10,438 parts, but more about the concept of inheritance. 5 00:00:10,438 --> 00:00:11,788 Now when I talk about inheritance I am 6 00:00:11,788 --> 00:00:12,892 not talking about your parents or your 7 00:00:12,892 --> 00:00:14,380 grandparents leaving you a house or 8 00:00:14,380 --> 00:00:16,494 money when they die and past away. 9 00:00:16,494 --> 00:00:19,360 No, we are going to to talk about permission inheritance. 10 00:00:19,360 --> 00:00:20,936 Permission inheritance is going to happen 11 00:00:20,936 --> 00:00:23,892 by default whenever a new folder is created 12 00:00:23,892 --> 00:00:26,208 it's going to inherit whatever the 13 00:00:26,208 --> 00:00:27,668 permissions are of the folder above 14 00:00:27,668 --> 00:00:29,181 it, which is called the parent. 15 00:00:29,181 --> 00:00:30,268 So when we look at these parent 16 00:00:30,268 --> 00:00:32,310 permissions we have to see what we have. 17 00:00:32,310 --> 00:00:33,684 So in this case I have a new folder I 18 00:00:33,684 --> 00:00:36,134 just created underneath the accounting directory. 19 00:00:36,134 --> 00:00:38,320 Notice that I got the same permissions I had in the 20 00:00:38,320 --> 00:00:40,916 last view that bob had in the accounting folder. 21 00:00:40,916 --> 00:00:42,609 This is the accounting group and the administrative 22 00:00:42,609 --> 00:00:45,144 group both have access to that folder. 23 00:00:45,144 --> 00:00:46,699 That new folder I just created because 24 00:00:46,699 --> 00:00:49,001 it automatically inherited the permissions 25 00:00:49,001 --> 00:00:51,386 from the accounting folder above it. 26 00:00:51,386 --> 00:00:53,320 Now the idea with inheritance is that whatever the 27 00:00:53,320 --> 00:00:55,448 parent folder says the child is going to follow. 28 00:00:55,448 --> 00:00:58,044 And so if the parent folder has permissions added 29 00:00:58,044 --> 00:01:00,372 or removed from it, guess what's going to happen. 30 00:01:00,372 --> 00:01:01,521 The child is going to have those added 31 00:01:01,521 --> 00:01:03,855 or removed from it as well. 32 00:01:03,855 --> 00:01:05,536 This is a default action inside 33 00:01:05,536 --> 00:01:07,198 the windows operating system. 34 00:01:07,198 --> 00:01:08,568 Now when it moves from the parent to 35 00:01:08,568 --> 00:01:10,846 the child this is called propagation. 36 00:01:10,846 --> 00:01:13,346 Propagation occurs when permissions are passed to 37 00:01:13,346 --> 00:01:16,386 a sub folder from the parent through inheritance. 38 00:01:16,386 --> 00:01:18,556 This can also refer to when permissions have 39 00:01:18,556 --> 00:01:20,432 to propagate or pass to all the clients on 40 00:01:20,432 --> 00:01:22,396 the network whenever a change is a made. 41 00:01:22,396 --> 00:01:24,585 So you might hear network propagation or something 42 00:01:24,585 --> 00:01:26,587 of the nature in the word of propagation. 43 00:01:26,587 --> 00:01:28,128 But in terms of permissions we are talking about 44 00:01:28,128 --> 00:01:30,960 it going from a parent down to a child. 45 00:01:30,960 --> 00:01:33,296 Now as we look at propagation you also have 46 00:01:33,296 --> 00:01:35,153 to think about do you want this to occur. 47 00:01:35,153 --> 00:01:36,646 Sometimes you do and sometimes you don't. 48 00:01:36,646 --> 00:01:38,431 Well if you don't want propagation to occur you 49 00:01:38,431 --> 00:01:41,206 have to do what's called breaking the inheritance. 50 00:01:41,206 --> 00:01:43,221 So to break inheritance you need to first click on 51 00:01:43,221 --> 00:01:45,492 the advanced button in the lower right corner of 52 00:01:45,492 --> 00:01:48,326 the security tab inside your folder properties. 53 00:01:48,326 --> 00:01:49,897 From there another window will pop 54 00:01:49,897 --> 00:01:51,789 up and you will click on the disable 55 00:01:51,789 --> 00:01:53,802 inheritance button in the lower left. 56 00:01:53,802 --> 00:01:55,414 Now normally you don't want to do this, 57 00:01:55,414 --> 00:01:57,176 but if you need something more restricted than 58 00:01:57,176 --> 00:01:59,056 its parent this is when you would do breaking 59 00:01:59,056 --> 00:02:01,833 inheritance and adding additional permissions. 60 00:02:01,833 --> 00:02:03,188 So that is the basic concept of 61 00:02:03,188 --> 00:02:05,254 inheritance and breaking the inheritance. 62 00:02:05,254 --> 00:02:07,472 Now remember when I mentioned before we 63 00:02:07,472 --> 00:02:08,903 want to use groups that are assigned 64 00:02:08,903 --> 00:02:10,785 to roles and not assign users directly 65 00:02:10,785 --> 00:02:13,369 to a particular folder's permissions. 66 00:02:13,369 --> 00:02:15,721 The reason for this is when you do assign people 67 00:02:15,721 --> 00:02:17,281 directly to folder permissions this is 68 00:02:17,281 --> 00:02:19,043 probably the number one thing I see that 69 00:02:19,043 --> 00:02:21,022 causes privilege creep to occur. 70 00:02:21,022 --> 00:02:23,721 Because people forget about those users that 71 00:02:23,721 --> 00:02:26,269 was assigned to some sub folder somewhere. 72 00:02:26,269 --> 00:02:27,323 If you keep people in groups it makes it 73 00:02:27,323 --> 00:02:29,604 a lot easier to keep track and make sure 74 00:02:29,604 --> 00:02:31,713 that privilege creep doesn't get out of hand. 75 00:02:31,713 --> 00:02:33,763 Now for a second here I want to stop and 76 00:02:33,763 --> 00:02:36,350 review something from the CompTIA A+. 77 00:02:36,350 --> 00:02:37,912 A lot of what we have been discussing so far 78 00:02:37,912 --> 00:02:40,133 is from the A+ exam in terms of permissions. 79 00:02:40,133 --> 00:02:41,614 There are two key things to remember 80 00:02:41,614 --> 00:02:42,807 though in case its been a while 81 00:02:42,807 --> 00:02:44,692 for you since you taken the A+. 82 00:02:44,692 --> 00:02:47,257 The first thing is when you copy files. 83 00:02:47,257 --> 00:02:48,739 Let's pretend that I am copying 84 00:02:48,739 --> 00:02:50,367 a file or folder and I am copying it 85 00:02:50,367 --> 00:02:52,994 from C drive to a USB thumb drive. 86 00:02:52,994 --> 00:02:55,999 What will the permissions look like on that new copy. 87 00:02:55,999 --> 00:02:58,042 Well when I move the file from the 88 00:02:58,042 --> 00:02:59,492 hard drive to the thumb drive, if I 89 00:02:59,492 --> 00:03:01,374 copy that folder then permissions 90 00:03:01,374 --> 00:03:02,641 are going to be inherited from the 91 00:03:02,641 --> 00:03:05,217 folder that it gets copied into. 92 00:03:05,217 --> 00:03:06,889 Whatever its new parent is. 93 00:03:06,889 --> 00:03:09,598 Basically its going to lose its existing permissions. 94 00:03:09,598 --> 00:03:12,414 Now if instead I moved it from the C drive 95 00:03:12,414 --> 00:03:14,517 working folder to the C drive archive 96 00:03:14,517 --> 00:03:16,655 folder they are both in the same hard 97 00:03:16,655 --> 00:03:18,675 drive and I move it instead of copying it. 98 00:03:18,675 --> 00:03:20,706 What do you think is going to happen this time? 99 00:03:20,706 --> 00:03:22,977 Well if you move a folder than the permissions 100 00:03:22,977 --> 00:03:25,327 are retained from its original permissions. 101 00:03:25,327 --> 00:03:27,256 And so whatever that original parent was that 102 00:03:27,256 --> 00:03:28,986 it inherited from it's going to take those 103 00:03:28,986 --> 00:03:30,771 permissions with it to the new folder. 104 00:03:30,771 --> 00:03:32,668 This is an important concept because if 105 00:03:32,668 --> 00:03:34,551 you forgot fact that when copy something 106 00:03:34,551 --> 00:03:36,382 you are getting new permissions, you can 107 00:03:36,382 --> 00:03:38,029 actually lighten the permissions of 108 00:03:38,029 --> 00:03:39,757 what it was and people can access 109 00:03:39,757 --> 00:03:42,590 documents they weren't suppose to.