What takes precedence??

[rodentcentre]

I've got a 2003 system where a group created at the domain level is a member of a local group. For instance the domain group is XXX\Domain Users and has Modify, Read & Execute, Write, and List Folder Contents permissions. This XXX\Domain Users group is a member of SIAN\Users local group (Under local users and groups) and this group only has Read, List Folder Contents, Read & Execute permissions. Now, when I look at the security parameters on one of the directories it has both the XXX\Domain Users and the SIAN\Users groups listed. I actually have two questions 1) which one takes precedence?? and 2) why would you want to create a local user group as opposed to a domain user group at the server level?? thanks.

 

[sab4you]

If the permissions are all allow, then the user in both groups should have the compound access of both.

If you put in a deny, that would take precedence over any allow from the other group.