Re: Directory Permissions - What gives?
- From: "SBS Rocker" <noreply@xxxxxxxxxxxx>
- Date: Thu, 19 Jul 2007 11:00:57 -0700
OK I can agree with that and "I stand corrected" on the guest account. So in
a nutshell best to apply "Authenticated Users" = FULL at the share level and
that's all that needs to be done at the share level. But your way of
creating new groups and applying it at the share level is not necessary or
best practices. I'm out of this thread........ I hope Andrew got his answer
:)
"Dragos CAMARA" <dragos_c@xxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:853B95FE-8EAA-4C7B-91FD-9AEEA43BDDC0@xxxxxxxxxxxxxxxx
i can agree that authenticated users can be a best practices, but you make
again a VERY BAD MISTAKE : guest account isn't member of authenticated
users
group :)(you have to read and learn more)
The Everyone group often contains the same set of users as the Users and
Authenticated Users groups. However, if you've enabled the Guest account,
you'll find that users who have logged on as Guest are members of Everyone
but not members of Users or Authenticated Users.
The difference between the Users and Authenticated Users groups is a bit
more esoteric.
Windows networks include the ability to have computer-to-computer
connections that involve null sessions. Computers use these sessions to
exchange lists of shared folders, printers, and other network resources;
workstations use null sessions to connect to domain controllers (DCs)
before
users authenticate to the domain.
--
Dragos CAMARA
MCSA Windows 2003 server
"SBS Rocker" wrote:
Now that's what everyone here is talking about Dragos. You are creating
more
work. If you had the parent folder shared at Everyone=FULL or even better
Authenticated Users=FULL you'll never have to modify the share
permissions
again no matter what type of access you need to grant in the folder or
sub
folder. All security is now controlled and managed at the NFTS folder and
sub folder levels.
There was a reason why pre W2K3 by default for a share was Everyone=FULL.
Now they have changed it to Everyone=Read. You may not agree with having
Everyone=FULL at the share level but you seem to agree with Authenticated
Users=FULL at the share level. Isn't the Guest account a member of
Everyone
as well as Authenicated Users? That siad if you did it that way there
would
be no reason to creating new groups or removing groups at share level.
Correct? All you would need to do at the parent FolderA and sub folderB
now
is create one new group and give them Read access. Copy the inherited
NTFS
permissions from the parent folder and add Group B and have inheritance
turned on at the sub level to all child folders.
That is the reasoning behind why you only need to apply one group at the
share level so you don't have to go back and do all the extra work at the
share level as you just explained.
"Dragos CAMARA" <dragos_c@xxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:707B3AF6-BA71-4A69-B0A6-04807F047C1A@xxxxxxxxxxxxxxxx
simple as a walking in a park :
create a group C give ntfs share permisions to that group, add group A
and
B
to C, remove group A from share permission, give NTFS rights acording
to
group A and B.
everyone group full access : includes anyone who has access to network
resources, including the Guest account - so keep to guest account with
that
rights
--
Dragos CAMARA
MCSA Windows 2003 server
"Albert Louis" wrote:
hmmmmmmmmmm this is all very interesting. Sure would like to see what
Dragos
response is to Eagles10 question. Dragos I'm almost embarrassed to
have
read
your reply to Andrew instructing him to secure his folders at the
share
level using groups. Makes the rest of us MCSA's look like we have no
creditability
"Eagles10" <bogus@xxxxxxxxx> wrote in message
news:%233TvKRWyHHA.4276@xxxxxxxxxxxxxxxxxxxxxxx
wow!!! looks like I stumbled into a very interesting thread. Did
anyone
ever resolve Andrew's issues? Let me throw in my cents here and try
not
to
offend anyone. I'm going to have to agree with SBS Rocker simply
because
if you start applying users and groups at the share level you are
creating
more work and managing the ntfs folder permissions becomes quite a
task
Rocker is correct. You need to apply Everyone=FULL at the share
level.
I'm
not sure what Dragos was thinking about offering his suggestion to
add
groups to the share permissions. Afterall he is a MCSA and he should
know
better than that.
Dragos what happens if I give Group A FULL share permissions and
Modify
NTFS permissions on the folder. Now I have a subfolder that requires
part
od the users of Group A to have Modify and a new Group B to have
read
access yet some of the members of Group B are members of Group A.
Now
what
are you going to do?
"Andrew" <Andrew@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:BF348C3A-D097-4852-AFB2-71978C5D6F81@xxxxxxxxxxxxxxxx
I shared a directory with one of our Windows 2003 servers and gave a
user
Full Control accesss to that directory. However, from his computer
where
he
is logged on, he can't copy and paste anything to that directory.
If
he
remote desktop's into the server and logs on as himself, he can
browse
to
another network share and pull the file over without any problems.
I never had this problem in Windows 2000. How do I configure a
directory
on
a Windows 2003 server so that people can "push" files to that
folder
without
logging onto the server locally and "pulling" the files over?
.
- References:
- Re: Directory Permissions - What gives?
- From: Eagles10
- Re: Directory Permissions - What gives?
- From: Albert Louis
- Re: Directory Permissions - What gives?
- From: SBS Rocker
- Re: Directory Permissions - What gives?
- From: Dragos CAMARA
- Re: Directory Permissions - What gives?
- Prev by Date: Re: Directory Permissions - What gives?
- Next by Date: Re: Directory Permissions - What gives?
- Previous by thread: Re: Directory Permissions - What gives?
- Next by thread: Basic WINS configuration question.
- Index(es):
Relevant Pages
|
