Results 1 to 12 of 12

Thread: Difference between share permissions and security permissions?

  1. #1
    Senior Member
    Join Date
    Sep 2005
    Posts
    587
    Thanks
    7
    Thanked
    7 times in 7 posts

    Difference between share permissions and security permissions?

    When you right-click a network share and go to Properties, how come there are separate tabs for Permissions and Security? What's the difference between these, and why would they separate them?

    I understand that Permissions are subservient to Security, but I just can't understand why it's set up that way. It makes no sence to me, but maybe if someone could explain why, it might give me some insight.

    Thanks

  2. #2
    Senior Member
    Join Date
    Oct 2005
    Posts
    320
    Thanks
    3
    Thanked
    1 time in 1 post
    security is for local to your computer, users, user groups etc etc

    sharing makes the folders accessible over the network

  3. #3
    Jam Is Teh Win (again)! Splash's Avatar
    Join Date
    May 2005
    Location
    York
    Posts
    7,200
    Thanks
    161
    Thanked
    576 times in 466 posts
    • Splash's system
      • Motherboard:
      • Asus P8Z68-V Pro/Gen3
      • CPU:
      • 2700K
      • Memory:
      • 32Gb Corsair Vengeance CMZ8GX3M1A1600C10
      • Storage:
      • 120Gb Corsair Force boot, 120Gb Corsair Force games, 1.5Tb Seagate storage
      • Graphics card(s):
      • XFX HD7970 Black Edition
      • PSU:
      • Corsair HX750
      • Case:
      • Lian Li PC-V1000
      • Operating System:
      • Windows 7
      • Monitor(s):
      • Dell 2709W
      • Internet:
      • BeThere BePro
    Quote Originally Posted by aidanjt View Post
    A large root will do ok

  4. #4
    Senior Member
    Join Date
    Sep 2005
    Posts
    587
    Thanks
    7
    Thanked
    7 times in 7 posts
    Oh thanks! This is a simple explaination

  5. #5
    Administrator Moby-Dick's Avatar
    Join Date
    Jul 2003
    Location
    There's no place like 1:: (IPv6 version)
    Posts
    10,477
    Thanks
    44
    Thanked
    346 times in 284 posts
    the usual rule of thumb for domain security is to leave share permissions quite open , but lock down with NTFS
    my Virtualisation Blog http://jfvi.co.uk Virtualisation Podcast http://vsoup.net

  6. #6
    Senior Member
    Join Date
    Aug 2003
    Location
    Withernsea
    Posts
    325
    Thanks
    2
    Thanked
    1 time in 1 post
    as per above you normally specify the maximum rights you would ever want a person or group to have at share level.

    and then set the specific permissions you want to have at the filesystem level security permissions to set the effective rights

  7. #7
    Old Fool!
    Join Date
    Oct 2003
    Location
    Cambridgeshire
    Posts
    1,016
    Thanks
    11
    Thanked
    34 times in 28 posts
    • EtheAv8r's system
      • Motherboard:
      • abit AB9 QuadGT - BIOS 16b by Richh
      • CPU:
      • E6700 @ 356x10 = 3.56GHz + Tuniq Tower 120
      • Memory:
      • 4Gb - 2 pairs of 1GB Corsair TwinX DDR2 XMS2 Dominator PC8500
      • Storage:
      • 4 x Samsung HD501LJ Intel Matrix RAID; 1 x WD3200KS
      • Graphics card(s):
      • 768Mb Palit 8800GTX GPU - Core @ 630MHz, Memory @ 923 MHz
      • PSU:
      • Seasonic S-12 650 Energy+
      • Case:
      • Antec P180
      • Operating System:
      • Windows XP SP3
      • Monitor(s):
      • ViewSonic VP2030b
      • Internet:
      • F2S MAX - Getting 4Meg
    Yes - Always open up Share permissions to Everyone-Full and the ACL (apply permissions) to the actual data folders (must be NTFS). With NT4 and W2000 you can leave the Share permissions at default when you create them and just ACL the NTFS data structures.

    With W2003, the default Share permission is locked down to Read, and as Share permissions over-ride NTFS permissions, even if you have Write access in the data folders, accessing via the Share will restrict to Read-Only, so you must open up the Share permissions on all new W2003 Shares that you create.
    Try to make each and every day the best it can be.

  8. #8
    Senior Member
    Join Date
    Sep 2005
    Posts
    587
    Thanks
    7
    Thanked
    7 times in 7 posts
    Thanks, but I cant give share permissions to everyone b/c some of the folders are only intended for specific users, not public for everyone.. Is there a reason I need to do this?

  9. #9
    Old Fool!
    Join Date
    Oct 2003
    Location
    Cambridgeshire
    Posts
    1,016
    Thanks
    11
    Thanked
    34 times in 28 posts
    • EtheAv8r's system
      • Motherboard:
      • abit AB9 QuadGT - BIOS 16b by Richh
      • CPU:
      • E6700 @ 356x10 = 3.56GHz + Tuniq Tower 120
      • Memory:
      • 4Gb - 2 pairs of 1GB Corsair TwinX DDR2 XMS2 Dominator PC8500
      • Storage:
      • 4 x Samsung HD501LJ Intel Matrix RAID; 1 x WD3200KS
      • Graphics card(s):
      • 768Mb Palit 8800GTX GPU - Core @ 630MHz, Memory @ 923 MHz
      • PSU:
      • Seasonic S-12 650 Energy+
      • Case:
      • Antec P180
      • Operating System:
      • Windows XP SP3
      • Monitor(s):
      • ViewSonic VP2030b
      • Internet:
      • F2S MAX - Getting 4Meg
    Quote Originally Posted by latrosicarius
    Thanks, but I cant give share permissions to everyone b/c some of the folders are only intended for specific users, not public for everyone.. Is there a reason I need to do this?
    Yes you can. Share the top level directory of your data. Open up the Share permissions to Everyone - Full, and then ACL the sub-folders appropriately for you different user access requirements. Don't permission (ACL) any data with 'Everyone' always use Groups (or users if you must...e.g. Home Directories), and at minimum for 'public' data use 'Authenticated Users'. Users will all be able to access the share, but only access folders and data that you allow via the NTFS permissions (ACLs).

    The only other way is to create separate shares for each different access requirement - a pain and none too flexible. Also if with W2K3 you leave the default Share permission (Read), even though you grant 'Write' NTFS permissions on the data, your users won't be able to write new data or make changes if they access via the Share, as Share permissions over-ride the NTFS permissions.

    Try it and see - it only takes a few minutes of 'play' .......
    Last edited by EtheAv8r; 12-07-2006 at 12:33 AM.
    Try to make each and every day the best it can be.

  10. #10
    Senior Member
    Join Date
    Sep 2005
    Posts
    587
    Thanks
    7
    Thanked
    7 times in 7 posts
    ^ okay thanks. I'll do that and give it a try...

    But just wondering what the benefit of that is

  11. #11
    Senior Member
    Join Date
    Mar 2005
    Posts
    3,988
    Thanks
    121
    Thanked
    222 times in 182 posts
    • badass's system
      • Motherboard:
      • Asus P5K-E Wifi/AP
      • CPU:
      • Core 2 Quad Q6600 B3
      • Memory:
      • 4*2GB Corsair DDR800
      • Storage:
      • 160GB Intel X25-M G3 and 2TB WD Green
      • Graphics card(s):
      • Sapphire 6870 1GB Vapor-x
      • PSU:
      • Corsair HX520W
      • Case:
      • Antec P182
      • Operating System:
      • Windows 7 X64 ultimate
      • Monitor(s):
      • Del U2311, LG226WTQ
      • Internet:
      • Cerberus 5 Mbit
    Quote Originally Posted by latrosicarius
    ^ okay thanks. I'll do that and give it a try...

    But just wondering what the benefit of that is
    By seperating share and NTFS permissions people that are logged on locally can have greater access than those accessing through the network (but not vice versa)
    "In a perfect world... spammers would get caught, go to jail, and share a cell with many men who have enlarged their penises, taken Viagra and are looking for a new relationship."

  12. #12
    Senior Member
    Join Date
    Sep 2005
    Posts
    587
    Thanks
    7
    Thanked
    7 times in 7 posts
    Okay cool... well it works both ways, so I guess I'll just stick with your way... it's simpler to set up.. Thanks for the tip

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •