A company we contract for has asked us for advice of this as one of the employees laid a complaint against their technician who they believe has changed settings just for that person.


Basically here is the story,

User1 (Who Laid Complaint) couldn't access a shared software network share,

User1 went to user 2 who could see it and went into folder permissions & saw user1 username listed with all denied security permissions. User2 tried to remove these buy got access denied.

User1 went to user3 who like user2 could see the folder and could see user1 had been locked out of that folder, he also couldn't change the permissions.

User1 complains to manager (First line of contact for company), Who gives user 1 a long speech about not pointing the blame etc.

Within an hour after that meeting, User1 Could view the folder again AND could now edit his own user permission to the folder. Whereas previously the only user who had access to change permissions was the administrator.


Basically what we have been asked is wither or not it is possible for the technician to change the security policy for that one user so that he now had permission to edit the folder permissions for himself.


The way I see it is that it is possible via active directory, Making the user a part of a security policy then changing that policy to allow this.

I am not 100% sure this is possible that is why I wanted to ask here for confirmation before I report back to the company.


For obvious reasons I have used USER1,2,2 and COMPANY :)