RE: Need help understanding file rights





"Patrick Hunter" wrote:

> I'm having some trouble understanding how Windows server does file rights. I
> created a share and then created department and user home directories under
> it. I created users and they had full rights to their home directory,
> however, they were read-only. Then I read that I needed to grant full control
> to everyone to the share itself. However, this opened up the directories so
> that everyone could write to wherever they wanted. My understanding is that I
> now need to adjust NTFS rights to provide full access to user's home
> directories and nowhere else (Who came up with this system? Novell does it so
> much better). Unfortunately, I don't have a clue how to do that correctly. I
> look at the security tab for the folders, and I see a number of different
> system groups listed there with various rights. I don't know what to add or
> remove to the various directories. What I want is to allow users full access
> to their home directories only and still be able to backup the server.
> Unfortunately, there doesn't seem to be a guide anywhere that can help me
> with this task. If anybody could assist me, I would greatly appreciate it.

Well... where do I start from? Let's make it short: you can set permissions
in two different places for a folder, the share and the file system. On the
share you can set the access from the network, and you can safely put only
real users and groups there; on the file system you can set permissions in a
much more granular way (check the Advanced tab and you'll see what I mean).
You saw other users and groups on the Security tab, which is the file system
part of the permissions: they are SYSTEM, ADMINISTRATORS, DOMAIN ADMINS and
so on. These are built-in system users and groups, and I suggest you leave
them there when the system creates them by default (they also help to make
sure you can back them up).

Now, what happens when permissions conflict? It works like this: if I am
part of two groups and group A can read the share but group B cannot read the
share, then the less restrictive permission is applied to me. The same
happens on the file system. Now, if my share permissions say that I can write
but the file system says that I can only read, what happens? Then the most
restrictive of the two will be applied.

I know, it sounds confusing, but when you get used to it you'll find out it's
a pretty powerful tool; I worked with UNIX\LINUX for a while and let me tell
you, those people DREAM of this on their systems!

About backups, you only have to make sure that the user that your backup
software is using to run has permission on all the folders and files you're
backing up.

I suggest you go to the library and buy a good book about this. It's a basic
issue so you will certainly find something.

Hope I was clear.
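
The combination rule described in the reply, worked through for the home-directory case in the question. This is an added example, not part of the original post: a simplified Python model (not a Windows API) with constructed account names and ACLs. It goes one step beyond the post by also modelling explicit Deny entries, and it ignores inheritance and ACE ordering.

```python
from enum import IntFlag

class Right(IntFlag):
    NONE = 0
    READ = 1
    WRITE = 2
    CHANGE_PERMS = 4
    FULL = READ | WRITE | CHANGE_PERMS

def layer_access(acl, token):
    """Rights one layer (share OR NTFS) gives a user whose token holds these
    names. Allow entries add up across groups; a Deny entry removes rights."""
    allowed = denied = 0
    for who, kind, rights in acl:
        if who in token:
            if kind == "deny":
                denied |= int(rights)
            else:
                allowed |= int(rights)
    return Right(allowed & ~denied)

def effective_access(share_acl, ntfs_acl, token):
    """Network access: a right must be granted by BOTH the share and NTFS."""
    return layer_access(share_acl, token) & layer_access(ntfs_acl, token)

# Constructed sample tokens: the account name plus its group memberships.
ALICE = {"alice", "Sales", "Everyone"}
BOB = {"bob", "Sales", "Everyone"}
BACKUP = {"svc-backup", "Administrators", "Everyone"}

# Constructed ACLs for alice's home folder and the share above it.
SHARE_READ = [("Everyone", "allow", Right.READ)]   # read-only share
SHARE_FULL = [("Everyone", "allow", Right.FULL)]   # share opened to everyone
NTFS_OPEN = [("Everyone", "allow", Right.READ | Right.WRITE),
             ("alice", "allow", Right.FULL)]       # broad grant left in place
NTFS_HOME = [("SYSTEM", "allow", Right.FULL),
             ("Administrators", "allow", Right.FULL),
             ("alice", "allow", Right.FULL)]       # built-ins + owner only

def scenarios():
    return {
        "read-only share, alice in her home": effective_access(SHARE_READ, NTFS_HOME, ALICE),
        "open share + open NTFS, bob in alice's home": effective_access(SHARE_FULL, NTFS_OPEN, BOB),
        "open share + tight NTFS, bob in alice's home": effective_access(SHARE_FULL, NTFS_HOME, BOB),
        "open share + tight NTFS, alice in her home": effective_access(SHARE_FULL, NTFS_HOME, ALICE),
        "backup account run on the server (NTFS only)": layer_access(NTFS_HOME, BACKUP),
    }

if __name__ == "__main__":
    for name, rights in scenarios().items():
        print(f"{name}: {rights!r}")
```

The last scenario uses only the NTFS layer because share permissions apply to access from the network, not to a process running on the server itself.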