Re: Share and NTFS permissions not working as supposed
- From: "wombatwoo" <wendycox20@xxxxxxxxxxx>
- Date: 22 Mar 2007 02:12:55 -0700
On 21 Mar, 15:15, nca...@xxxxxxxxxxxxxxxx <nca...@xxxxxxxxxxxxxxxx>
wrote:
Lets start over:
Set the share permissions on the "Accounts" share to "authenticated Users"
Change and Read.
This should be the only permission for the share.
Set the NTFS permissions on the "Accounts" directory to "accounts group"
Read & Execute, List, and Read.
Leave the default permissions for system and administrators.
Create the User directory in the Accounts directory. On the Security tab of
the User directory properties you will see that the "User" directory
inherited the Read/list permissions for the to "accounts group".
With the to "accounts group" selected, check the Modify permission. Click OK
Click OK
"wombatwoo" wrote:
Hi
My problem is.... I am trying a new directory structure on a Windows
2003 server, which has a share called Accounts and a directory below,
named Users. I want the accounts group to have read only rights to
the Accounts directory, but full rights to the Users directory.
I am fairly new to Windows permissions, so I have been reading up on
the subject. Everywhere tells me to give the Accounts group full
rights to the Accounts directory share and set the NTFS permissions to
read only. Then give the Accounts group NTFS full rights to the Users
directory, removing inheritance, but copying the rights,
I'm finding that by giving the Accounts group full rights to the
Accounts share, they can create in all of the directories. If I
restrict the share permissions to read only, they cannot create in any
of the directories! I thought that restrictive permissions overruled
any others, so why don't the NTFS permissions on the Accounts
directory (being set as read only) stop the Accounts group from
creating in that directory? It appears to me that the share
permissions are overriding all other permissions.
Can anybody explain this to me? At the moment I have to deny the
Accounts group write rights to the Accounts directory to stop them
creating here.- Hide quoted text -
- Show quoted text -
Hi
Thanks for your advice. I've tried what you suggested, but the same
thing happened. Basically, it appears that giving Authenticated users
Change and Read writes overrides any NTFS permissions on that
directory. I also managed to achieve write access to the Accounts
folder with a user who had no NTFS rights to it at all.
I'm beginning to think this is a wider problem, possibly with how our
network is setup??!?
.
- Follow-Ups:
- Re: Share and NTFS permissions not working as supposed
- From: wombatwoo
- Re: Share and NTFS permissions not working as supposed
- References:
- Share and NTFS permissions not working as supposed
- From: wombatwoo
- Share and NTFS permissions not working as supposed
- Prev by Date: Re: Sharing folders
- Next by Date: Re: Windows Server 2003 R2 32bit or 64bit for file serving
- Previous by thread: Share and NTFS permissions not working as supposed
- Next by thread: Re: Share and NTFS permissions not working as supposed
- Index(es):
Relevant Pages
|
