Re: server 2003 standard folder shares
- From: "LinWohtohai" <LinWohtohai@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 14 Apr 2005 20:03:02 -0700
Mark,
Why it has to be so confusing in Windows Server 2003? I understood,
implemented, and tested your point on windows 2000. I think what throws off
most of the Sys Admins on Windows Server 2003 is when they check up on folder
properties and see "read only" checked marked in attributes. My question is,
will this approach also work for setting up user's home folder's ? Thanks?
LinWohtohai
"Mark [MSFT]" wrote:
> OK, quick primer...
>
> You have to keep in mine that SHARE permissions determine what type of the
> share resource the user gets while NTFS (Security) permissions gives them
> actual disk access. Whichever of the two is more restrictive will win. So if
> Share permissions are at Read only for Users or Everyone or {whatever} - no
> matter what you set for NTFS, they will only be allowed to Read (the most
> restrictive is Read from Share permissions). Similarly, if you set Everyone
> or Users in Share permissions to Full control - but NTFS permissions still
> only has Read for Users - Users could only Read (the most restrictive is the
> Read from NTFS)
>
> Windows 2003 sets Share permissions by default are as follows: Everyone
> (Read)
> The NTFS permissions by default are inherited (normally Admins/System: Full
> control (special), Users (Read/Execute/List/Read) and Creator Owner
> (special)
>
> So in this case, even if you gave NTFS (Security) permissions of Full
> Control to user JohnDoe, he would still not be able to write to the share -
> because the "Everyone" permission is restricting everyone to read only to
> the share resource. To allow JohnDoe write access, you would need to add his
> account to the NTFS Security with Full Control - but keep in mind, all Users
> can still read everything on that share. Of course, if you have a large
> number of users (like, the Accounting Department gets Full control, but
> everyone else can only read), using Groups rather than individual accounts
> to manage this would be much easier.
>
> If you wanted a share that only a special person could access, you would
> remove Everyone from Share permissions, add the one users account and give
> them read/write - and then also add the user to the NTFS permissions.
>
> (All told, a best practice is to remove "Everyone" from Share access
> anyway - and at most add the Users group, else add other groups of users as
> needed.)
>
> That help a little?
>
> --
> Mark St. John
> This posting is provided "AS IS" with no warranties, and confers no rights.
>
> "rodge" <rodge@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> news:E204D8D8-CB73-467A-AB1A-1E870B44EE6D@xxxxxxxxxxxxxxxx
> >I have removed two windows nt servers and replaced them with windows 2003
> > standard servers. Both of these servers had shared folders on them. I do
> > not
> > have the training necessary to do this, but it is still my job. I have had
> > so
> > many issues with users whose files are read only after the transfer to the
> > new server. Some of these folders have to have permissions set pretty
> > tight
> > because they contain financial data. How can I fix the read only issue?
> > What's the easiest way to get these folders setup with permissions that
> > will
> > make departments happy and still allow everyopne else to work? What other
> > information can I provide to help with an answer?
>
>
>
.
- Follow-Ups:
- Re: server 2003 standard folder shares
- From: Nick Payne
- Re: server 2003 standard folder shares
- References:
- server 2003 standard folder shares
- From: rodge
- Re: server 2003 standard folder shares
- From: Mark [MSFT]
- server 2003 standard folder shares
- Prev by Date: Re: C:\Windows\System32\Autoexec.nt error
- Next by Date: Re: Send To problem with network shortcut
- Previous by thread: Re: server 2003 standard folder shares
- Next by thread: Re: server 2003 standard folder shares
- Index(es):
Relevant Pages
|
Loading
