Re: quick file sharing question
From: Mark-Allen Perry (mark-allen_at_mvps_dot_org)
Date: 09/22/04
- Next message: Rex: "Apply the premission to the directory"
- Previous message: Arek Iskra [MVP]: "Re: Odd quirks with video acceleration"
- In reply to: Pegasus \(MVP\): "Re: quick file sharing question"
- Messages sorted by: [ date ] [ thread ]
Date: Wed, 22 Sep 2004 14:33:55 +0200
I stand corrected. Going back and checking the share setup I have, you are correct in stating the share perms are only 3 types. Thanks for pushing the point so I could refresh my old memory.
However, the main point I was trying to make was if you place "Everyone" on share perms *and* give them *Full Control*, this is inherently bad security. If used as a test for access problems, I agree. But after determining the correct solution for your access problem, it should them be substituted for something a bit more restricting, i.e.. domain users, specific groups, etc.
But yes, you have correct my mistaken part about share perm granularity. An oversight on my part.
-- And always try the MS KB first before posting. The answer is probably already posted. MS KB: http://support.microsoft.com/default.aspx?scid=fh;EN-US;KBHOWTO ---- Mark-Allen Perry ALPHA Systems Marly, Switzerland mark-allen_AT_mvps_DOT_org "Pegasus (MVP)" <I.can@fly.com> wrote in message news:%23nuoE3JoEHA.3396@tk2msftngp13.phx.gbl... You write "Share permissions have the same functionality and granularity as file/folder perms, so this is a mute question." I do not think it is a moot point at all. Share permissions can be set for the whole share only, and cannot be set ifor individual files and folders within that share. Three levels are available: - Full control (yes/no) - Change (yes/no) - Read (yes/no) NTFS permissions can be set for a whole tree or for any file or folder within that tree. The following levels are available: - Full control - Traverse folder - List folder / read data - Read attributes - Read extended attributes - Create files / write data - Create folders / append data - Write attributes - Write extended attributes - Delete subfolders and files - Delete - Read permissions - Change permissions - Take ownership The concept of "ownership" is not even available for share permissions. I would be interested to hear how you can claim that share permissions have the same granularity as NTFS permissions. Please be specific: How would you, for example, set ownership with share permissions? How would you allow or deny the traversing of folder boundaries? Chuzemischt! "Mark-Allen Perry" <mark-allen@mvps_dot_org> wrote in message news:uSMLgcJoEHA.2024@TK2MSFTNGP09.phx.gbl... Share permissions have the same functionality and granularity as file/folder perms, so this is a mute question. The is no *perfect* solution for this type of a question, only what one admin (or set of standards) considers to be the best fit for them. I happen to prefer (on a professional basis) controlling share permissions *and* file/folder permissions. But that more likely since that was the way I found to work for me. The point I was making is that the *Everyone* group has "inherently" bad security level and was proposing if this was used to remember to set it to something more secure, for example "Domain Users" or "Authenticated Users". But it is one of many different ways that security can be enhanced, yet allow users to accomplish their jobs. -- And always try the MS KB first before posting. The answer is probably already posted. MS KB: http://support.microsoft.com/default.aspx?scid=fh;EN-US;KBHOWTO ---- Mark-Allen Perry ALPHA Systems Marly, Switzerland mark-allen_AT_mvps_DOT_org "Pegasus (MVP)" <I.can@fly.com> wrote in message news:uyAbhWHoEHA.4008@TK2MSFTNGP14.phx.gbl... Assuming that the "biggest" padlock is "read-only access for everyone", and assuming that this is the share permission you set, how will you give full access to certain users or groups? "Mark-Allen Perry" <mark-allen@mvps_dot_org> wrote in message news:uHd3bPHoEHA.3224@tk2msftngp13.phx.gbl... Nope. I didn't forget that but it's a good to point it out for all. In my experience (ok, not that much) I tend to think the first door (shares perms) is where I'd put the biggest padlock. Just a convention of mine but you're correct. -- And always try the MS KB first before posting. The answer is probably already posted. MS KB: http://support.microsoft.com/default.aspx?scid=fh;EN-US;KBHOWTO ---- Mark-Allen Perry ALPHA Systems Marly, Switzerland mark-allen_AT_mvps_DOT_org "Pegasus (MVP)" <I.can@fly.com> wrote in message news:OqVtQDGoEHA.3460@TK2MSFTNGP15.phx.gbl... It seems you're ingoring the fact that when Windows is dealing with conflicting permissions, it applies the most restrictive ones. It is therefore perfectly safe to set the share permissions to "Full" for everybody, as long as you set the NTFS permissions correctly. It really does not make much sense having two "padlocks" for your files and folders. Leaving the share permissions wide open means that you can concentrate on the NTFS permissions, and make them as restrictive as you like. I recommend that you test this for yourself. "Mark-Allen Perry" <mark-allen@mvps_dot_org> wrote in message news:Of9I%231CoEHA.2900@TK2MSFTNGP12.phx.gbl... Not to degrade the excellent responses from Pegasus and allenmiyake (which I believe are correct) but only set to Everyone for testing and correction. I would not suggest to leave it with this setting. Everyone is a VERY BROAD group and can allow EVERYONE in the world in. Just a thought. Comments? -- And always try the MS KB first before posting. The answer is probably already posted. MS KB: http://support.microsoft.com/default.aspx?scid=fh;EN-US;KBHOWTO ---- Mark-Allen Perry ALPHA Systems Marly, Switzerland mark-allen_AT_mvps_DOT_org "Scott" <anonymous@discussions.microsoft.com> wrote in message news:031a01c49f5c$a075d160$a601280a@phx.gbl... I have a new Windows 2003 server (setup as a domain) and 5 windows 98se workstations (just upgraded from a old NT 4.0 server). The problem I'm having is setting permissions for the users to access folders or files on the server. I keep getting access denied messages (saying I don't have rights to the files) which I believed to be shared ok. I checked the permissions on the folders and even set it for access by everyone to test it but I'm still having the problem. The users can browse the folders ok but when they click on say a MS Word document, they can't access the file. The users all seem to login properly and can browse the folders. Am I missing somthing here? Thanks for your advise.
- Next message: Rex: "Apply the premission to the directory"
- Previous message: Arek Iskra [MVP]: "Re: Odd quirks with video acceleration"
- In reply to: Pegasus \(MVP\): "Re: quick file sharing question"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
