shares
From: Julie K (anonymous_at_discussions.microsoft.com)
Date: 06/05/04
- Next message: Barbara Picard: "Server 2003 refusing to defrag"
- Previous message: dmac: "Re: NEWBIE needs help please"
- Next in thread: Lanwench [MVP - Exchange]: "Re: shares"
- Reply: Lanwench [MVP - Exchange]: "Re: shares"
- Messages sorted by: [ date ] [ thread ]
Date: Sat, 5 Jun 2004 09:39:50 -0700
I now realize that the admin account has default access
to the admin c$ on the server. Should other non admin
accounts be able to VIEW unshared folders on the server?
I know they shouldn't be able to access them if they are
not shared out but should they be able to VIEW unshared
folders.
Secondly, what happens when you share out a folder to the
everyone group but don't share out the folders in the
shared folder. Why can users with no admin rights see the
folders with the share that are not shared out?
Any ideas?
TX,
Julie K
On 6/4/04 9:44 PM, in article 1883c01c44a9e$a936b700
$a101280a@phx.gbl,
"Julie K" <anonymous@discussions.microsoft.com> wrote:
> Hello,
>
> I am fairly new to windows server and am trying to
> understand how shares and permissions work. I understand
> how to share a folder but am confused on why client
> machines running win xp pro can access folders that I
> have not shared on the network....I have set permissions
> for these folders but have not shared the folder out. I
> thought the whole point in sharing a folder on a server
> was to allow users to access the share over the
> network....if you don't need to share the folder out
then
> why is this ability there? What's the whole point in the
> little hand under the folder showing that it has been
> shared if setting permissions on the folder allows for
> access over the network anyway?
>
> How does sharing a folder different from setting
> permissions on that folder.
>
> Regrads,
> Julie
Hey Julie
Few things, since Windows 2000 Microsoft has decided to
move away from
"Share Level" permission. This was the old way to
restrict remote access to
files. At the same time they automatically created c$ d$
etc... Shares.
Any share with with a following $ sign means it hidden.
You can check for
these shares in the computer management tool, right click
on my computer and
go to manage.
Shares are still needed to share files, by default
Windows has these c$
shares "example \\desktop-or-server\c$" c = drive letter.
Not sure what "Best Practice" is but I make any normal
after windows install
share everyone or domain users full access and then lock
the files and
folders down with NTFS permissions.
Now here is the thing,
you can not access the c$ share without local admin
access, and passed that
you must have the correct NTFS right (normally you would
have since your are
at least a local admin)
To conclude Share can be thought of gateways into the
file areas of a
desktop or server, where permissions (NTFS) is the Access
rights to said
files and folders.
And just in case you ask what happens when permission
overlap with Share
level and NTFS permissions?
A: Most restrictive, example: Share level = Users - RO /
NTFS = Users - RW
In this case the Users group would only have Read only
since the most
restrictive would be RO from the share. Now also as a
last point the RO
would only take effect if that user access the files and
folders via the
Share and not local.
Hope I helped,
J5 - Eric A. Weintraub
Sr. Network Administrator
ScriptLogic Corp
- Next message: Barbara Picard: "Server 2003 refusing to defrag"
- Previous message: dmac: "Re: NEWBIE needs help please"
- Next in thread: Lanwench [MVP - Exchange]: "Re: shares"
- Reply: Lanwench [MVP - Exchange]: "Re: shares"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
