When you right-click a network share and go to Properties, how come there are separate tabs for Permissions and Security? What's the difference between these, and why would they separate them?
I understand that Permissions are subservient to Security, but I just can't understand why it's set up that way. It makes no sence to me, but maybe if someone could explain why, it might give me some insight.
Thanks
security is for local to your computer, users, user groups etc etc
sharing makes the folders accessible over the network
Oh thanks! This is a simple explaination
the usual rule of thumb for domain security is to leave share permissions quite open , but lock down with NTFS
my Virtualisation Blog http://jfvi.co.uk Virtualisation Podcast http://vsoup.net
as per above you normally specify the maximum rights you would ever want a person or group to have at share level.
and then set the specific permissions you want to have at the filesystem level security permissions to set the effective rights
Yes - Always open up Share permissions to Everyone-Full and the ACL (apply permissions) to the actual data folders (must be NTFS). With NT4 and W2000 you can leave the Share permissions at default when you create them and just ACL the NTFS data structures.
With W2003, the default Share permission is locked down to Read, and as Share permissions over-ride NTFS permissions, even if you have Write access in the data folders, accessing via the Share will restrict to Read-Only, so you must open up the Share permissions on all new W2003 Shares that you create.
Try to make each and every day the best it can be.
Thanks, but I cant give share permissions to everyone b/c some of the folders are only intended for specific users, not public for everyone.. Is there a reason I need to do this?
Yes you can. Share the top level directory of your data. Open up the Share permissions to Everyone - Full, and then ACL the sub-folders appropriately for you different user access requirements. Don't permission (ACL) any data with 'Everyone' always use Groups (or users if you must...e.g. Home Directories), and at minimum for 'public' data use 'Authenticated Users'. Users will all be able to access the share, but only access folders and data that you allow via the NTFS permissions (ACLs).Originally Posted by latrosicarius
The only other way is to create separate shares for each different access requirement - a pain and none too flexible. Also if with W2K3 you leave the default Share permission (Read), even though you grant 'Write' NTFS permissions on the data, your users won't be able to write new data or make changes if they access via the Share, as Share permissions over-ride the NTFS permissions.
Try it and see - it only takes a few minutes of 'play' .......
Last edited by EtheAv8r; 11-07-2006 at 11:33 PM.
Try to make each and every day the best it can be.
^ okay thanks. I'll do that and give it a try...
But just wondering what the benefit of that is
By seperating share and NTFS permissions people that are logged on locally can have greater access than those accessing through the network (but not vice versa)
"In a perfect world... spammers would get caught, go to jail, and share a cell with many men who have enlarged their penises, taken Viagra and are looking for a new relationship."
Okay cool... well it works both ways, so I guess I'll just stick with your way... it's simpler to set up.. Thanks for the tip
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
LinkBack URL
About LinkBacks
Reply With Quote