Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

When to user NTFS permissions and SHARE Permissions?

1 view
Skip to first unread message

Blue Frog

unread,
Apr 11, 2006, 5:43:37 AM4/11/06
to
Anyone advise when you would also use Share Permissions (on 2003 server) -
previously this was set to Everyone - Full control and used NTFS permission
only


Jerold Schulman

unread,
Apr 11, 2006, 8:17:47 AM4/11/06
to

See tip 9909 » How do I implement Windows Server 2003 Access-Based Enumeration in a DFS environment?
and links in the 'Tips & Tricks' at http://www.jsifaq.com

Jerold Schulman
Windows Server MVP
JSI, Inc.
http://www.jsiinc.com
http://www.jsifaq.com

Enkidu

unread,
Apr 11, 2006, 5:24:43 PM4/11/06
to
Share permissions are permissions to use a share. They say nothing about
permissions below the share. They also only apply to remote users, those
not actually at the machine.

NTFS permissions control the access of a user (remotely via a share or
locally) to directories and files on the hard disk.

A user may have Full Control share permissions to a share and have NTFS
read permissions to part of the file system under the share, no NTFS
permissions to another part of the file system under the share and full
control to yet a further part of the file system under the share.

It's like a ticket to a sports game. The ticket itself gets you entry to
the stadium (share permissions) and the seat number allows you to sit in
a particular seat or maybe a particular section of the ground. Unlike a
ticket to a sports game the share permissions and NTFS permissions are
seperate.

Most people set share permissions to Full Control (anyone can get into
the stadium if they have a ticket), and the NTFS permissions to control
access for the user as required to files and directories (you only have
access to a particular seat or area of the seating).

You would use share permissions to (crudely) prevent someone from
connecting to the share (serve them a notice not to enter the stadium).
You would use NTFS permissions to control what they do after entering
(barred from parts of the ground, allowed into others, etc).

Cheers,

Cliff

Ken Aldrich

unread,
Apr 13, 2006, 5:55:53 PM4/13/06
to
I agree with the above, but I'll give a shorter answer. It is really common
to just leave the Share permissions alone and just go with NTFS permissions.
Managing permissions in one place allows simpler management because then you
don't have to bother looking at both when dealing with permissions issues.
One thing you -may- want to do is get rid of the "Everyone" permission and
add an "Authenticated Users" instead. That is only if you expect trusted
domain users from access the resources in that share.

--
Ken Aldrich
DSRAZOR for Windows
Visual Click Software, Inc.
www.visualclick.com

"Blue Frog" <jdwo...@bluefrog.com> wrote in message
news:e1ftoc$8nt$1...@news.freedom2surf.net...

0 new messages