Re: Share Permissions vs NTFS Permissions
- From: "AllenM" <Bogus@xxxxxxxxxxxxxxx>
- Date: Mon, 18 Jun 2007 08:52:28 -0700
Pegasus is correct here simply because SHARE permissions supersede NTFS file
permissions with the "least" permissive or as some say "most" restrictive.
If you start controlling access at the share level you'll find yourself
creating more groups and adding security more than you have to. What happens
if you share a top level folder with GroupA=READ and GroupB=Change then you
have sub folders where GroupA needs Modify access on one folder yet only
Read access on another? What are you going to do? GroupA can now only have
Read access within any folder or sub folder. You can't even create another
group and add those users to have Modify access because they're in a Read only
Share group that will take precedence over any other group they're in. Industry
standards and best practices since the old NT days have "always" been
Everyone-FULL at the share level and control folder security using NTFS.
"Pegasus" <I.can@xxxxxxx> wrote in message
news:ONMee0RsHHA.4796@xxxxxxxxxxxxxxxxxxxxxxx
"Herb Martin" <news@xxxxxxxxxxxxxx> wrote in message
news:exh23TRsHHA.484@xxxxxxxxxxxxxxxxxxxxxxx
"Pegasus" <I.can@xxxxxxx> wrote in message
news:eGVHXKRsHHA.1408@xxxxxxxxxxxxxxxxxxxxxxx
NTFS permissions are sufficiently powerful to keep out
unauthorised users. I'd be interested to hear why you are
so strongly in favour of a belt-and-braces approach.
I already gave you the why -- re-read the message.
I was hoping for a little more substance. When I apply
permissions then I check them, same as I check all my
other work. If I detect a mistake then I prefer to correct
it instead of adding a second security layer which offers
far less flexibility or granularity than ACLs.
Security principle: Never grant more security privileges than
necessary, even with the INTENT to restrict them later.
Always grant the minimum privileges at each opportunity.
Always grant privileges to ONLY those who specifically need
them.
You may in fact get the NTFS perfect -- but the fact that you
have to check them (and you should) implies you COULD be
wrong. Don't take such chances unnecessarily and don't recommend
that others (who may not be as careful as you) do so as a GENERAL
rule.
Recommend the tightest possible (practical) settings, with privileges
being granted as EXCEPTIONS whenever possible.
This is the way good security works more reliably.
--
Herb Martin, MCSE, MVP
http://www.LearnQuick.Com
(phone on web site)
Just because I ***might*** forget to do up my belt does
not necessarily mean that I wear braces. It seems you do
(or at least you recommend to the OP that he does).
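
The trade-off argued in this thread, as an added example (not code from any poster): a simplified model in which access over the network is the more restrictive of share and NTFS access. It assumes allow entries only, treats share Change as equal to NTFS Modify, and uses constructed folder names plus a constructed NTFS mistake on Payroll.

```python
from enum import IntEnum

class Level(IntEnum):
    NONE = 0
    READ = 1
    CHANGE = 2  # share "Change" treated as equal to NTFS "Modify" (simplification)
    FULL = 3

def granted(acl, groups):
    """Highest level an ACL allows to any of the user's groups (allow entries only)."""
    return max((acl.get(g, Level.NONE) for g in groups), default=Level.NONE)

def effective(share_acl, ntfs_acl, groups):
    """Over the network, the more restrictive of share and NTFS access applies."""
    return min(granted(share_acl, groups), granted(ntfs_acl, groups))

# Constructed sample data; folder names are hypothetical.
SHARE_DESIGNS = {
    "restricted": {"GroupA": Level.READ, "GroupB": Level.CHANGE},
    "everyone_full": {"Everyone": Level.FULL},
}
NTFS = {
    "Projects": {"GroupA": Level.CHANGE, "GroupB": Level.READ},
    "Policies": {"GroupA": Level.READ, "GroupB": Level.CHANGE},
    "Payroll": {"Everyone": Level.FULL},  # deliberate NTFS mistake
}

def report(groups):
    """Effective level name per folder under each share design."""
    return {
        design: {folder: effective(share_acl, acl, groups).name
                 for folder, acl in NTFS.items()}
        for design, share_acl in SHARE_DESIGNS.items()
    }

if __name__ == "__main__":
    member_of = ["GroupA", "Everyone"]  # a GroupA user
    for design, folders in report(member_of).items():
        print(design, folders)
```

For a GroupA user, the restricted share caps every folder at READ, including Projects where NTFS grants Modify, while the Everyone-Full share honours the per-folder NTFS settings and also passes the Payroll mistake through unchanged.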