Re: share level & ntfs permissions

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

---

• From: "Pegasus \(MVP\)" <I.can@xxxxxxx>
• Date: Mon, 13 Mar 2006 16:22:44 +1100

---

You omitted the most important bit: The output from the
net share command!


"John Smith" <someone@xxxxxxxxxxxxx> wrote in message
news:%23DKX2ylRGHA.792@xxxxxxxxxxxxxxxxxxxxxxx

Here is the output for net user:
User name test
Full Name test
Comment
User's comment
Country code 000 (System Default)
Account active Yes
Account expires Never

Password last set 3/12/2006 8:58 PM
Password expires Never
Password changeable 3/12/2006 8:58 PM
Password required Yes
User may change password Yes

Workstations allowed All
Logon script
User profile
Home directory
Last logon 3/12/2006 5:15 PM

Logon hours allowed All

Local Group Memberships
Global Group memberships *Domain Users
The command completed successfully.


here is the output for cacls:
c:\admin tools\Engineering BORREROFAMILY\oborrero:(OI)(CI)F
BORREROFAMILY\test:(OI)(CI)F

and here is the output for netshare:
Share name Engineering
Path C:\Admin Tools\Engineering
Remark Testing Permissions
Maximum users 10
Users
Caching Manual caching of documents
Permission BORREROFAMILY\test, READ

The command completed successfully.




"Pegasus (MVP)" <I.can@xxxxxxx> wrote in message
news:OTtdhOlRGHA.3052@xxxxxxxxxxxxxxxxxxxxxxx

Let's have a look at your settings! Start a command prompt
on your server and type these commands:

net share xxx > c:\test.txt
cacls "d:\Shares\yyy" >> c:\test.txt
net user %UserName% >> c:\test.txt

Replace xxx with the name of your problem share and
d:\Shares\yyy with the path to that share. Now paste
the contents of c:\test.txt into your reply!

Note that the "net share" command will return permission information
under Windows 2003 only but not under other versions of Windows.


"John Smith" <someone@xxxxxxxxxxxxx> wrote in message
news:O736j4kRGHA.4920@xxxxxxxxxxxxxxxxxxxxxxx

it also says that, but i just wanted to see if they really apply the

most

restrictive permissions when you combine them. it's not doing it, so

i'm

just tryin to get it to run

"Pegasus (MVP)" <I.can@xxxxxxx> wrote in message
news:epw3xPkRGHA.4976@xxxxxxxxxxxxxxxxxxxxxxx

"John Smith" <someone@xxxxxxxxxxxxx> wrote in message
news:OQQK91jRGHA.5924@xxxxxxxxxxxxxxxxxxxxxxx

Hi all,
I'm attempting to do my lab but i've run into a problem with Share

Level

and

NTFS File permissions.

Here's my setup
1. One domain, with one domain controller that hosts DNS, DHCP, and

File

Server Services (Contoso.Com).
1. One XP PRO SP2 Client Machine

Now the book says, "Share level permissions should be used in

conjunction

with NTFS permisssions, not instead of them. The 2 levels of

security

work
together. Users who access the share will have a combination of the

more

restrictive permissions that have been set."

I setup my Test user account with a share level permission of Read,
and

the

NTFS file permission FUll Control. When i login to my domain from

the

XP

Pro

client, and access the resource i'm still able to delete, and change
anything in the folder when i should only be allowed to read.

Inheritance

is

setup properly, but the effective permissions show FULL Control for

resource

that i'm trying to access for the test user account. What am i doing
wrong
??

I don't know what book you quote but most sysadmins will
set the share permissions to "Full Control" for everyone and
set appropriate NTFS permissions. I see no advantage in
having two permission schemes that will possibly contradict
each other. Furthermore, NTFS permissions are so much more
powerful than share permissions!

.

---

• Follow-Ups:
  • Re: share level & ntfs permissions
    • From: John Smith

• References:
  • Re: share level & ntfs permissions
    • From: Pegasus \(MVP\)
  • Re: share level & ntfs permissions
    • From: John Smith
  • Re: share level & ntfs permissions
    • From: Pegasus \(MVP\)
  • Re: share level & ntfs permissions
    • From: John Smith

• Prev by Date: Re: share level & ntfs permissions
• Next by Date: Re: share level & ntfs permissions
• Previous by thread: Re: share level & ntfs permissions
• Next by thread: Re: share level & ntfs permissions
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: ubuntu-users Digest, Vol 47, Issue 208 ... Superuser confusion or maybe critically confused ... "Permissions" appears nowhere in Nautilus, so far as I can tell. ... I am attempting to learn to use command line. ... (Ubuntu) Re: Isolate home directory shares ... I believe the command for one subfolder would be similar to: ... removes the inheritance flag but leaves existing permissions for the ... home directories are done with ADUC using profile tab: ... (microsoft.public.windows.server.general) Re: File permissions? ... have to do it with root permissions, unless you want to change the ... This will open gedit with MyFile and the terminal isn't locked to it ... This redirects the output of the free -m command to the file MyFile. ... Personally I created my own alias ... (Ubuntu) Re: File permissions? ... have to do it with root permissions, unless you want to change the ... This will open gedit with MyFile and the terminal isn't locked to it ... This redirects the output of the free -m command to the file MyFile. ... Personally I created my own alias ... (Ubuntu) Re: Windows XP boots to background only, no start button, no icons ... I tried the cacls command for explorer.exe and it showed that users & power ... about not having the right permissions. ... but I can access my task manager. ... use your system CD to do a repair installation. ... (microsoft.public.windowsxp.general)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > Windows  > microsoft.public.windows.file_system  > 2006-03