Re: server 2003 standard folder shares

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

We change permissions for shares we setup in Win2003 to full control for
everyone and use NTFS permissions to limit access.

Nick

"LinWohtohai" <LinWohtohai@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:B3A24FAB-0223-4432-876F-1C065759CE92@xxxxxxxxxxxxxxxx
> Mark,
> Why it has to be so confusing in Windows Server 2003? I understood,
> implemented, and tested your point on windows 2000. I think what throws
> off
> most of the Sys Admins on Windows Server 2003 is when they check up on
> folder
> properties and see "read only" checked marked in attributes. My question
> is,
> will this approach also work for setting up user's home folder's ? Thanks?
>
> LinWohtohai
>
>
>
> "Mark [MSFT]" wrote:
>
>> OK, quick primer...
>>
>> You have to keep in mine that SHARE permissions determine what type of
>> the
>> share resource the user gets while NTFS (Security) permissions gives them
>> actual disk access. Whichever of the two is more restrictive will win. So
>> if
>> Share permissions are at Read only for Users or Everyone or {whatever} -
>> no
>> matter what you set for NTFS, they will only be allowed to Read (the most
>> restrictive is Read from Share permissions). Similarly, if you set
>> Everyone
>> or Users in Share permissions to Full control - but NTFS permissions
>> still
>> only has Read for Users - Users could only Read (the most restrictive is
>> the
>> Read from NTFS)
>>
>> Windows 2003 sets Share permissions by default are as follows: Everyone
>> (Read)
>> The NTFS permissions by default are inherited (normally Admins/System:
>> Full
>> control (special), Users (Read/Execute/List/Read) and Creator Owner
>> (special)
>>
>> So in this case, even if you gave NTFS (Security) permissions of Full
>> Control to user JohnDoe, he would still not be able to write to the
>> share -
>> because the "Everyone" permission is restricting everyone to read only to
>> the share resource. To allow JohnDoe write access, you would need to add
>> his
>> account to the NTFS Security with Full Control - but keep in mind, all
>> Users
>> can still read everything on that share. Of course, if you have a large
>> number of users (like, the Accounting Department gets Full control, but
>> everyone else can only read), using Groups rather than individual
>> accounts
>> to manage this would be much easier.
>>
>> If you wanted a share that only a special person could access, you would
>> remove Everyone from Share permissions, add the one users account and
>> give
>> them read/write - and then also add the user to the NTFS permissions.
>>
>> (All told, a best practice is to remove "Everyone" from Share access
>> anyway - and at most add the Users group, else add other groups of users
>> as
>> needed.)
>>
>> That help a little?
>>
>> --
>> Mark St. John
>> This posting is provided "AS IS" with no warranties, and confers no
>> rights.
>>
>> "rodge" <rodge@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>> news:E204D8D8-CB73-467A-AB1A-1E870B44EE6D@xxxxxxxxxxxxxxxx
>> >I have removed two windows nt servers and replaced them with windows
>> >2003
>> > standard servers. Both of these servers had shared folders on them. I
>> > do
>> > not
>> > have the training necessary to do this, but it is still my job. I have
>> > had
>> > so
>> > many issues with users whose files are read only after the transfer to
>> > the
>> > new server. Some of these folders have to have permissions set pretty
>> > tight
>> > because they contain financial data. How can I fix the read only issue?
>> > What's the easiest way to get these folders setup with permissions that
>> > will
>> > make departments happy and still allow everyopne else to work? What
>> > other
>> > information can I provide to help with an answer?
>>
>>
>>


.

Relevant Pages

  • Re: Domain Users Cant Print to Networked Printer
    ... You might want to just set up a printer server and install it on your clients ... that way so you can control the permissions. ... remove the user from Domain Admins, that user can no longer print. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Ownsership and Rights
    ... Full Controll set up for bothe the NTFS and for the share. ... Also, when I am logged into the server as Administrator, and I check the ... Effective Permissions does not work as well. ... That I'm working on has share rights of Everyone, ...
    (microsoft.public.windows.server.sbs)
  • Re: Corporate File control
    ... How often are you finding you need to change permissions? ... do this - I set up the permissions on the folders when I set up the server, ... > minutia of NTFS permissions would be challenging. ... > find good documentation on NTFS settings? ...
    (microsoft.public.win2000.file_system)
  • Re: Corporate File control
    ... How often are you finding you need to change permissions? ... do this - I set up the permissions on the folders when I set up the server, ... > minutia of NTFS permissions would be challenging. ... > find good documentation on NTFS settings? ...
    (microsoft.public.security)
  • Re: appears to loose authentication
    ... me to think that there are security and permissions issues. ... to any shares below is baffling and also suspectable to incorrect NTFS ... an invalid DNS server in the Tcp/Ip settings. ... I checked the share and ntfs permissions on the goldmine share, ...
    (microsoft.public.security)