Understanding NTFS Advanced Permissions
Click the Advanced button on any folder’s Security tab and you land in a different world. The everyday permissions — Full Control, Modify, Read & Execute, Write — vanish, replaced…
Tag: ACL
Real-World Active Directory Delegation Examples
Three concrete AD delegation scenarios with the right ACL technique for each: targeted Deny ACEs to hide mobile and pager from a Hardware Support team, the schema confidential bit to restrict national-ID attributes to HR, and a volume-object ACL to make a published share invisible to everyone except Finance.
Remove Orphaned SIDs with PowerShell
An orphaned SID is an ACL entry whose underlying user, group, or computer was deleted but the access control entry was left behind. They show up as raw S-1-5-21-... numbers on the Security tab of AD objects and clutter audit reports without breaking access control. This article ships a complete RemoveOrphanedSID-AD.ps1 PowerShell script that recursively walks AD objects, identifies ACEs whose IdentityReference is a domain-prefixed SID that no longer resolves, and either lists or removes them. Includes the two-pass workflow (list, then remove), the -WhatIf dry-run mode, the AD: PowerShell drive provider details, why RemoveAccessRuleSpecific is the right method, and the common pitfalls (running -Remove first, scoping to forest before testing on one OU, confusing this with file-system ACL cleanup).
Cisco IOS Access Control Lists: Standard, Extended, Named, Reflexive, Time-Based
Working reference for the five Cisco IOS ACL types. How an ACL processes a packet (top-down, first-match-wins, implicit deny), where the order of operations relative to NAT matters (in: ACL before NAT, out: NAT before ACL), Standard vs Extended vs Named ACLs with full configuration examples, Reflexive ACLs for basic return-traffic state, Time-based ACLs with absolute and periodic schedules, application to interfaces vs VTY lines (ip access-group vs access-class), placement rules (Standard close to destination, Extended close to source), and the pitfalls (implicit deny, numbered-ACL edit gotcha, wildcard vs subnet mask, NAT-order trap, missing VTY restriction).