Re: Permissions Chart ?? or web site ??


"Joe Richards [MVP]" <humorexpress@xxxxxxxxxxx> wrote in message
news:OZKOpf6nHHA.4412@xxxxxxxxxxxxxxxxxxxxxxx
1. Determine what access you get through the share
2. Determine what access you get through NTFS
3. You actually get which ever is MOST restrictive

Truly the best way of handling this which gets all of the confusion out of
the way is to set the Share permissions to EVERYONE FULL CONTROL and

Joe and I part company here -- the "BEST" way depends on how much
you care about security vs. making it SIMPLE for the admin who can
learn how to do this correctly.

Share permissions should be set to the MINIMUM required for each GROUP,
leaving "Everyone" (and similar groups) out of it whenever possible.

Then if some file is NOT correctly set perhaps the share will cover the
problem.

NTFS permission should of course we set to the minimum (needed) permissions
for each SPECIFIC group too.

then properly manage the NTFS permissions, then you only worry about the
one level of permissions. It used to be the default share permission was
EVERYONE FULL CONTROL but with the security initiatives had MSFT chop that
back to EVERYONE READ by default in K3 so you have to go open it back up
to whatever is needed. If you absolutely NEVER need full control through a
share, then use EVERYONE CHANGE. But then the next thing you know, some
admin will come through the share and won't be able to do what they think
they should be able to do and you spend hours or days troubleshooting it
because so few people really understand perms very well. Which is why I
say, set shares to EVERYONE FULL CONTROL and manage NTFS properly.


--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net


---O'Reilly Active Directory Third Edition now available---

http://www.joeware.net/win/ad3e.htm


steve wrote:
Im taking a windows 2003 course.

Im confused on shares and ntfs permissions. I understand most of it
but some of the details I get mixed up on. Is there a web site that
has a chart or something that lists all the various permissions and
their interactions etc. Or some web site that helps to understand
them, who gets what by default and what that means.

thanks.



.

Relevant Pages

  • Re: Directory Permissions - What gives?
    ... You control security at the NTFS folder ... As far as best practices are concerned in the "old days" as many of ... you do not control security at the Share level. ... You use NTFS Folder and File permissions for that. ...
    (microsoft.public.windows.server.general)
  • Re: FTP control
    ... > I would like to use NTFS security settings to control who ... I would suggest getting a third party FTP server, ... if you set quota and these permissions for that group you can ... Information Server (IIS) Web site, ...
    (microsoft.public.win2000.security)
  • RE: Any way to remove ADMIN$ only?
    ... Mixing the share permissions and the NTFS permissions generally cause ... which means more groups/people access the same shares. ... Along comes another admin that creates a share at a higher level in the ...
    (Focus-Microsoft)
  • Re: Permissions Chart ?? or web site ??
    ... Truly the best way of handling this which gets all of the confusion out of the way is to set the Share permissions to EVERYONE FULL CONTROL and then properly manage the NTFS permissions, then you only worry about the one level of permissions. ... Or some web site that helps to understand ...
    (microsoft.public.windows.server.active_directory)
  • Re: Full Share Permission
    ... if the owner of a share folder has given me full control on ... the share but restricted me with read only NTFS on a file within the folder I ... >> The description of share permissions lists the privileges of Full ...
    (microsoft.public.windows.server.sbs)
Loading